The IISADMPWD Replacement Tool provides a critical solution for organizations that previously relied on Microsoft's legacy IISADMPWD utility to allow Active Directory password changes from web applications. With the release of IIS 7 and subsequent versions, Microsoft discontinued support for the original utility due to architectural and security changes, leaving a gap for many businesses. This tool directly addresses that gap by offering a modern, compatible replacement. It protects websites and web applications by allowing users to change their Active Directory passwords even when their local or Active Directory account passwords are invalid or require a change upon next login. The solution leverages IIS Anonymous authentication, enabling users to access the web applications on IIS 7 regardless of their current password status. A key benefit is that it requires no changes to existing IIS 7 web application configurations, simplifying deployment and integration. The tool ensures a seamless user experience by allowing users to change their password from a web page and then redirecting them back to the original web application, maintaining the normal authentication scheme.

Features & Benefits

• Mandatory Password Change Support
  • Allows Active Directory password changes even when the "User must change password at next login" flag is set, ensuring compliance and security.
• Anonymous Authentication for Access
  • Utilizes IIS Anonymous authentication, enabling users to access web applications in IIS 7 regardless of their Active Directory or local password status.
• Seamless Web Application Integration
  • Easily integrates with existing web applications without requiring changes to their configuration.
• Integrated Password Management Applications
  • Includes two dedicated web applications: "Check Password Status" (optional, acts as the first page of authentication to determine if a password change is needed) and "Change Password" (allows users to update their Active Directory password, with redirection options from your website or the Check Password Status application).
• Post-Change Redirection
  • Redirects the user back to their web application after the password status check completes and no password change is needed, or after a successful password change.
• Preserves Existing Authentication Schemes
  • Allows your web application to authenticate the user with its normal scheme after the password change process.
• Error Redirection Handling
  • Can use an HTML redirector file to redirect clients encountering HTTP 401.1 errors (Access is denied due to invalid credentials).
• Flexible Account Store Compatibility
  • Works against both your Active Directory account store and/or local SAM Account database.