Many moons ago, Microsoft had a tool called IISADMPWD that was a web-driven password change tool based on IIS. This tool was deprecated since II6 and is no longer available under a clean Windows Server install, but this is the Internet age, and there are many ways to resurrect useful utilities.
Recently I was working with a customer on a project and they had a nifty password reset tool. I asked them about it and they mentioned it was based on IISADMPWD and they took some CSS templates from Twitter’s open source repository. I asked the customer for their files, modified it a bit to run on Server 2012 R2, and figured I would share it with you. It’s all open source licensed. Nothing is sacred … and I like to give things away when I can.
Why do we care anyway? Why have a way to reset passwords via a website? Isn’t that why we have a help desk? Can’t you just do that already if you have Microsoft Exchange Server and utilize Outlook WebApp? Yes, of course those are viable options, but if you have Exchange Online only you cannot utilize password writeback. Well, you can, but not without an Office 365 / Microsoft Azure Premium integration. Here’s a nifty walkthrough that Jaap is blogging through if you’d like to see it. And yes, yes, there are many tools out there that you can utilize for this that are freemium or paid, but I wanted a simple free tool and that’s what IISADMPWD was and what is resurrected below for you.
Anyway, let’s move on and get to the fun.
Let’s start with a Server 2012 R2 box and add IIS with appropriate installation options including ASP, authentication, and the IIS 6 admin tools and scripts:
Excellent. Now, you can decide if you want to SSL secure this or not. There are many reasons why you would WANT to use SSL and very few why you wouldn’t, so let’s assume you will. In our case, I’ve secured this behind our Wildcard certificate:
Create a Site/Directory for this under our default IIS website. We’ll cleverly call it “password” for this blog’s purposes.
Now, unzip the contents of the tool to the /password folder you’ve created.
If you wanted to read more about this tool, here’s a nice little write up on GitHub (not my git repo – someone else’s).
Register the DLL:
Make any appropriate PasswordChangeFlgs if needed, but we didn’t need to in this scnario. We’re secure.
I adjusted our IIS “password” directory to utilize the pwreset.asp file as default:
You can, of course, enable authentication if you’d like:
Now you can adjust the ASP files to do what you want and customize it to your installation.
Start with the pwreset.asp file – you can customize some of the most useful sections in colors:
And the “Change” button colors and such are identified by CSS here:
And you can see I have them “blue” and “yellow” in CSS in the bootstrap.min.css file (from Twitter’s Apache license):
Now, focus on the pwchg.asp file and areas you can customize:
And now you’re ready to go. I hope this works!
Now click Change…
Excellent – password changed.
In our case, we utilize Azure AD Connect and synchronize our local Active Directory to Office 365, so let’s make sure that happens:
Win!
Like always, your mileage may vary. This worked well for our implementation and our goals are to utilize this as an on-premises (internal) solution. We may publish it over the Public Internet using SSL eventually, but for now, it’s an inside tool only.
As mentioned before, IISADMPWD is a deprecated product, so it’s possible that it’ll stop working on further updates – but as of publishing this is working perfectly in a Server 2012 R2 environment.