IISADMPWD on Server 2008 x64 and IIS7 - Change user domain password via a webpage
I needed to be able for users to change passwords in a different active directory, than our production domain.
I googled it a lot, and found out that the iisadmpwd isn’t actually included with IIS 7 and Server 2008.
But… I found this guide:
There are, however, some hiccups in that guide, which is why I choose to share my way of doing this. Read that guide however, if
you need to get this functionality on a 32-bit Server 2008.
This is for the 64-bit Server 2008. Right, let’s begin !
First of all, on the Server 2008 machine, you install the Web Server Role. Remember to include ASP and the IIS6 features in that installation.
When that’s done…
You find some Server 2003 IIS server. On that server, you find the folder “c:\windows\system32\inetsrv\iisadmpwd”.
Copy that folder to the Server 2008 machine, to the path “C:\Windows\SysWOW64\inetsrv\iisadmpwd”
Open a command prompt with elevated rights (Start, right click the command prompt, Run As Administrator).
In the elevated command prompt write:
regsvr32 C:\Windows\SysWOW64\inetsrv\iisadmpwd\iispwchg.dll
NB: It is VERY important that you write the complete path, or the DLL won’t register !
In that same elevated command prompt, you write:
cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/passwordchangeflags 1
This should be the response:
NB: This specific value (1) will allow password change on non-secure ports, which is what I used for my test (I might add to this article, adding IP range security and SSL, depends on a talk I’ll be having tomorrow with a colleague).
The list of values are (snatched from the msdn blog post, for completeness, in case that blog post goes away at some point):
· 0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
· 1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
· 2: This value disables the Password Change functionality.
· 4: This value disables the advance notification of password expiration.
Ok, goodie. Now you need to create an application pool on the Server 2008 IIS.
On the Server 2008 machine, start the Server Manager. Go to the “Roles/Web Server (IIS)/Internet Information Services (IIS) Manager” node.
Right click on Application Pools, and Add Application Pool.
This is what it should look like (You may or may not be able to use different settings. I used these, and they work for me):
Now go to the Default Web Site and right click it. Choose Add Application.
This is what it should look like:
NB: Very important that you call it “iisadmpwd”. I tried calling it something else, but seems the alias is hardcoded into one of the asp files. The password change page tried to return to a site by that name. When I created the application with the above name, it just worked.
Now press the “Connect as” button. Enter the account name using this format, and whatever password fits that account:
Press OK, return to the previous dialog, and press Test Settings. This should be the result of test settings (I removed the username of course):
And that’s it.
· If you registered the DLL correctly.
· If you got the OK from the admin vbscript.
· If you setup the application pool.
· If you added the application to the default web site.
You should be able to access the page on the URL:
http://server.domain.local/iisadmpwd/aexp4b.asp
And this is how it should look like in the browser:
When I’ve changed password, and want to use the “Back” link, I get an error (a 404 if I remember correctly). Given my time constraints,
I’m pretty sure I won’t be investigating this, as just entering the above URL again, will have you back on the password change page.
That’s it J Hope you can use this, I sure could’ve myself.
Comments [1]