As IT Support, my team is taking so much time reseting passwords. So, we thought it would be interesting to enable some sort of Password Challenge in Active Directory so users could reset their own passwords, after correctly answering some questions.
Despite we alert users by mail when their passwords are going to expire, they just delete the mail and go on so we think it should be a great idea.
I've seen some commercial products but I'm not sure if there is something built-in or GPL to enable this kind of feature.
Could someone shed some light about it?
There is nothing built-in to Active Directory to allow self-serve password resets. The only Open Source utility in this vein that I am aware of is pwm.
Of course, as I'm sure you already know, this isn't a technology problem, this is a personnel problem. What you need is management support behind an initiative to encourage employees to take responsibility for their own technology.
At once place I'm aware of, password resets as a result of lockout caused a $5 charge. In cash. In a tip jar. On the Sr. SysAdmin's desk. That kind of management is awesome. That is not the norm, but nevertheless, you can implement whatever technology you want, but after you implement a self serve portal, people will simply ignore the URL for the page and instead call you on your desk phone whining "You used to do this for me before!"