Free Self-service password reset (SSPR) functionality for users on a Windows Server-based Active Directory (AD) environment

blog.payperitem.com,

1. Open Source SSPR Solutions

🔹 1.1. PwdReset

  • GitHub: https://github.com/LussacZheng/PwdReset
  • A simple ASP.NET-based self-service password reset web portal for AD users.
  • Users answer security questions to reset their password.
  • Deploy on IIS.

Features:

  • User authentication via AD.
  • Web portal for password reset.
  • Secure question/answer mechanism.

💡 Useful for small-to-mid scale environments.

🔹 1.2. Self Service Password (LDAP Tool)

Features:

  • AD or LDAP backend.
  • CAPTCHA support.
  • Mail notification.
  • Security questions and token-based reset.
  • Can be integrated with Samba AD or Windows Server AD.

Setup requirements:

  • PHP web server (Apache/IIS with PHP).
  • Bind account with permissions to change passwords in AD.

2. Configuration Guide for LTB Self Service Password with Windows AD

  1. Install Apache + PHP (or use WAMP/XAMPP).
  2. Download the tool: bash clone https://github.com/ltb-project/self-service-password.git
  3. Edit config: conf/config.inc.php php $ldap_url = "ldap://your-ad-server.domain.local"; $ldap_binddn = "CN=svc-ldap,OU=ServiceAccounts,DC=domain,DC=local"; $ldap_bindpw = "your-password"; $ldap_base = "DC=domain,DC=local"; $ad_mode = true; $who_change_password = "manager"; // Or "user" $mail_from = "noreply@domain.local"; $notify_on_change = true; $use_questions = true;
  4. Enable password write-back permissions:
    • Ensure the bind account has “Reset password” permission on user objects in AD.
  5. Configure IIS (optional) if using Windows-native web server instead of Apache.
  6. Test with a regular domain user.

3. Optional Enhancements

  • ReCAPTCHA Integration: Prevent brute-force.
  • Email-based OTP reset: Add PHPMailer for SMTP integration.
  • HTTPS: Ensure the site is secured with a TLS cert (Let’s Encrypt or internal PKI).

4. Alternatives (Freeware, Not Fully Open Source)

ToolLicenseNotes
AdPassMonFreewareTray utility for end-users
Password Reset Portal (from MS)Built into Azure/HybridRequires Azure AD P1
RSAT Password Reset ToolFree with RSATAdmin tool only, not for self-service

✅ TL;DR Setup Recommendation

  • Use LTB Self-Service Password for a solid web-based portal.
  • Runs on PHP, supports AD, security questions, and email.
  • Free and customizable.
  • Best hosted on Linux but also works on Windows with IIS + PHP.

Active Directory Networking Server 2025 Website Windows

Related Posts

EaseUS Partition Master-(Technician Lisence Free)

EaseUS Partition Master is a user-friendly partition manager for Windows that allows users to create, resize, move, merge, format, and delete partitions on their hard drives without data loss. It’s designed for both basic and advanced disk management tasks, making it suitable for home users who need to manage storage…

Read More

How to edit document in Nitro PDF

To edit a document in Nitro PDF, follow these steps depending on what kind of edit you want to make—text, images, or pages: 📝 Edit Text in Nitro PDF 🖼️ Edit or Move Images 📄 Add or Remove Pages 🆕 Add New Text or Objects 💾 Don’t forget to save:…

Read More

Leave a Reply