{"id":45709,"date":"2020-04-08T09:00:00","date_gmt":"2020-04-08T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=45709"},"modified":"2024-02-02T13:18:01","modified_gmt":"2024-02-02T18:18:01","slug":"remote-employee-passwords-active-directory","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory","title":{"rendered":"Remote Employee Password Changes to Active Directory"},"content":{"rendered":"\n

Many Active Directory<\/a> admins must now manage all-remote workforces, and one challenge in this new structure is remote end user password changes. <\/p>\n\n\n\n

It\u2019s worth noting that new NIST password guidelines<\/a> were published in 2019, including that organizations no longer need to enforce password expiration periods<\/a>, which might ease the friction of frequent password changes for some organizations. There will still be times when remote users need to change their passwords, though, and users can be locked out of their machines if they don\u2019t heed reminders to do so. In this post, we\u2019ll cover several methods for remote user password changes and explore how to make the process as easy and secure for users as possible.<\/p>\n\n\n\n

\n
\n \"JumpCloud\"\n <\/div>\n
\n

\n Breaking Up with Active Directory <\/p>\n

\n Don\u2019t let your directory hold you back. Learn why it\u2019s time to break up with AD. <\/p>\n <\/div>\n

\n Read Now<\/a>\n <\/div>\n<\/div>\n\n\n\n\n

VPN for Remote User Password Changes<\/h2>\n\n\n\n

Remote users with Windows systems and a VPN can connect directly to the organization\u2019s internal AD network to change their passwords, and admins can write simple scripts to email a notification to a user prior to their password\u2019s expiry. <\/p>\n\n\n\n

However, this method poses various challenges, particularly if a user ignores the reminder and lets their password expire<\/a>. This would likely require a walkthrough by IT to get their credentials reset and access to their machine restored. If the user heeds the password reminders, they should connect via the VPN and use CTRL+ALT+DEL to change their passwords before they unlock the machine with their new credentials.<\/p>\n\n\n\n

This method is not easily replicable for macOS systems. Microsoft discourages admins from binding non-Windows systems to the domain<\/a>. However, if those systems are bound to the domain, admins will need to train Mac users how to change their passwords in a way that keeps their keychain in sync<\/a>.<\/p>\n\n\n\n

Another option, which doesn\u2019t require a VPN, uses Azure Active Directory and Azure AD Connect to allow users to change their passwords in a browser. <\/p>\n\n\n\n

Azure Active Directory for Remote User Password Changes<\/h2>\n\n\n\n

Admins can enable browser-based, self-service password resets for remote users with Windows systems via Azure Active Directory and Azure AD Connect. Users change their passwords in a browser, and Azure AD Connect writes the changes back to an on-prem instance of Active Directory Domain Services.<\/p>\n\n\n\n

Microsoft cautions<\/a> that this configuration can de-sync passwords among AD products, though: \u201cIn a hybrid environment where Azure AD is connected to an on-premises Active Directory Domain Services (AD DS) environment, this scenario can cause passwords to be different between the two directories.\u201d<\/p>\n\n\n\n

Additionally, admins must pay for one of the premium Azure AD plans or the Microsoft 365 Business plan \u2014 they can\u2019t use<\/a> a standalone Office 365 plan. If admins have Mac systems in their fleet, they should note that Azure AD and AD are not designed for Mac system management, so Microsoft promotes another product, Intune<\/a>, to manage Macs. It\u2019s also worth considering other password-change methods that don\u2019t expose users to browser-based phishing attempts. <\/p>\n\n\n\n

Active Directory Integration for Remote User Password Changes<\/h2>\n\n\n\n

JumpCloud\u00ae<\/sup> Directory-as-a-Service\u00ae<\/sup> offers another option in its Active Directory Integration feature<\/a>. Once AD Integration is enabled, JumpCloud can serve as a comprehensive identity bridge between AD and the resources AD struggles to manage, including SaaS apps, cloud infrastructure, and Mac systems.<\/p>\n\n\n\n

AD Integration features a bidirectional sync with AD, so password changes are automatically written back to AD and extended elsewhere as needed. Both Mac and Windows users can change their passwords directly on their machines, which empowers them to take charge of their own passwords using familiar workflows and which guards against attempts to phish them via password-change emails or web pages. Users are much less likely to be tricked by a fake email or webform if they\u2019re trained to change their passwords on their machines.<\/p>\n\n\n\n

When a user updates the password on their device they also do so elsewhere \u2014 the change is written back not only to AD but also all other IT resources that require it.<\/p>\n\n\n\n

If you\u2019re interested in learning more about our AD Integration feature, we\u2019ve compiled a resource that details how it works and that previews various use cases, including user password changes. Click here to learn more about what Active Directory Integration can do <\/a>for your organization.
<\/p>\n","protected":false},"excerpt":{"rendered":"

Learn about several methods for remote user password changes, including through their machines directly.<\/p>\n","protected":false},"author":89,"featured_media":45712,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2337],"tags":[],"collection":[],"platform":[],"funnel_stage":[3016],"coauthors":[2545],"acf":[],"yoast_head":"\nRemote Employee Password Changes to Active Directory - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Remote Employee Password Changes to Active Directory\" \/>\n<meta property=\"og:description\" content=\"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-08T15:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-02T18:18:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"780\" \/>\n\t<meta property=\"og:image:height\" content=\"520\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cassa Niedringhaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cassa Niedringhaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\"},\"author\":{\"name\":\"Cassa Niedringhaus\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\"},\"headline\":\"Remote Employee Password Changes to Active Directory\",\"datePublished\":\"2020-04-08T15:00:00+00:00\",\"dateModified\":\"2024-02-02T18:18:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\"},\"wordCount\":712,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg\",\"articleSection\":[\"Remote Work\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\",\"url\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\",\"name\":\"Remote Employee Password Changes to Active Directory - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg\",\"datePublished\":\"2020-04-08T15:00:00+00:00\",\"dateModified\":\"2024-02-02T18:18:01+00:00\",\"description\":\"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg\",\"width\":780,\"height\":520,\"caption\":\"person working on mac laptop at a desk\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Remote Employee Password Changes to Active Directory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562\",\"name\":\"Cassa Niedringhaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g\",\"caption\":\"Cassa Niedringhaus\"},\"description\":\"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Remote Employee Password Changes to Active Directory - JumpCloud","description":"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory","og_locale":"en_US","og_type":"article","og_title":"Remote Employee Password Changes to Active Directory","og_description":"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.","og_url":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory","og_site_name":"JumpCloud","article_published_time":"2020-04-08T15:00:00+00:00","article_modified_time":"2024-02-02T18:18:01+00:00","og_image":[{"width":780,"height":520,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg","type":"image\/jpeg"}],"author":"Cassa Niedringhaus","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cassa Niedringhaus","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory"},"author":{"name":"Cassa Niedringhaus","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562"},"headline":"Remote Employee Password Changes to Active Directory","datePublished":"2020-04-08T15:00:00+00:00","dateModified":"2024-02-02T18:18:01+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory"},"wordCount":712,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg","articleSection":["Remote Work"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory","url":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory","name":"Remote Employee Password Changes to Active Directory - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg","datePublished":"2020-04-08T15:00:00+00:00","dateModified":"2024-02-02T18:18:01+00:00","description":"Learn about several methods for remote user password changes, including through their machines directly. Start a free 30 Day Trial today.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/04\/remote-employee-passwords-active-directory.jpg","width":780,"height":520,"caption":"person working on mac laptop at a desk"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/remote-employee-passwords-active-directory#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Remote Employee Password Changes to Active Directory"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/a1d99d1a0c59bccda454540d642bd562","name":"Cassa Niedringhaus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/47c9209225a9cda7d94451f40f9aa273","url":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5b22cb0dac3c3ae9baa4ea62d05c76e?s=96&d=mm&r=g","caption":"Cassa Niedringhaus"},"description":"Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she\u2019s not at work, she likes to hike, ski and read.","sameAs":["https:\/\/jumpcloud.com\/blog"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/45709"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=45709"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/45709\/revisions"}],"predecessor-version":[{"id":104998,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/45709\/revisions\/104998"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/45712"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=45709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=45709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=45709"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=45709"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=45709"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=45709"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=45709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}