Change AD user password from a different domain

[Frieda]

We migrated our desktops and notebooks, including File Server to parent company. The user application is therefore in future be included in their AD. Since some application servers can not be migrated / should make the current AD is maintained. The two tribes have no domain trust, so that users need for access to applications and files in the current domain login. I could of course set the accounts so that the password no longer runs, but it is too unsafe. Now my question to you, Do you know a solution / or a similar web tool for the users from domain A to allow for the account in Domain B to change the password. I have searched a lot in Google but didn't find any appropriate solutions. So thought that you guys can help me in solving this problem. So please tell me how to change AD user password from a different domain.

[Justvicks]

Why do not fully migrated all the servers? Even though it is very time-consuming part -> it can basically migrate everything. It must be planned and implemented properly only. Better to have to go the hard way and work in a consolidated environment. You can try to Change => Say the [Ctrl] + [Alt] + [Del] => password for a foreign domain => Ideally, a web application. I am sure that you will get hint from this post.

[Frieda]

This is from the group is not wanted or desired. The network is separated by 2 VLAN. I think that you are getting what I want to say... The conversion of around 30 servers including applications and databases would be too much effort - is also the abundance of a detachment of some applications such as SAP ERP, etc. designed by - so it will be even more extensive and intricate. I had seen such a solution before - that was a WebApp is making you logged in with domain \ username and then had to change the password could - just would be ideal. So please help me in some other way.

[Lane]

Is OWA or other IIS bowl planned? The provision of a portal is all well and good. Only: who is the benefit? If you disable the password-expiration: none. If you enabled password expiration can you have two options: 1 The applications are familiar with AD and realize that the password has expired. Then they are almost certainly as much to offer an amendment. Or 2 The amendments do not know one with AD and report only the "Login not successful" when the password has expired. Then you get loads of tickets that the application does not work. Of course, then says the service desk, "they first try to change the password on the website" - but until then the user has already tried 10 times to start the application with the old data, and the account is locked. So the solution for this is Set up a password synchronization from the new Forest in the old. Free MS product (okay, one needs when that has not changed in the meantime Win Enterprise & SQL Enterprise) to the Identity Lifecycle Manager. And no Mike.ekiM: you need to _not_ Trust. How does that work then? About LDAP. ADMT is perhaps a little easier to handle, but that requires the trust. Technically, the trust without a problem. The following is the list of same :

• A server in the old domain
• PHP with LDAP
• IP connectivity to the new domain
• Identical user name or a way to resolve each other
• A user account which may change all passwords

ILM that is free of charge would be completely new. The last descendant of the clan, the free IIFP (Identity Integration Feature Pack) is. Its age, but very good functioning.
For the password must Synchronisiation in the source on each DC Forest of PCNS (Password Change Notification Service) is installed, if necessary, the parent company because something about it: I must admit, however, have not thought of anything further.

[Vitus]

No, that was unfortunately what I have not followed. You must own the PCNS to the domain controllers in the domain install, log on to the the user (because they change their password there as well). The PCNS picks up incoming requests to change the password and sends it to the IIFP. This in turn then the password in the target domain (ie your present). What is needed is the PCNS because only when the password change this at all unencrypted (or use a decrypted encryption) on the DC is present (alternative: you can "Store password with reversible encryption" set, then you could take the PCNS probably any Schedule-based Build a solution).