PassCore: A self-service password change utility for Active Directory
⭐Please star this project if you find it useful!
PassCore is a very simple 1-page web application written in C#, using ASP.NET 5, Angular Material, Angular and Microsoft Directory Services. It allows users to change their Active Directory password on their own, provided the user is not disabled.
PassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the original version did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.
PassCore has the following features:
- Easily localizable (i.e. you can customize all of the strings in the UI -- see the section on Customization)
- Supports reCAPTCHA
- Has a built-in password meter
- Responsive design that works on mobiles, tablets, and desktops.
- Ensure the server running IIS is domain-joined. To determine if the computer is domain-joined:
- Go to the Start menu, right click on Computer, then select Properties
- Make sure the Domain field contains the correct setting.
- You need a Passcore copy to continue. We recommed to download the latest binary release of PassCore.
- NOTE: Before extracting the contents of the file, please right click on it, select Properties and make sure the file is Unblocked (Click on the Unblock button at the bottom of the dialog if it is available). Then, extract the contents of the zip file to the directory where you will be serving the website from.
- If you download the source code you need to run the following command via an Command Prompt. Make sure you start the Command Prompt with the Administrator option.
dotnet publish --framework net461 --output "<path>" --configuration Release
- The
<path>
is the directory where you will be serving the website from.
- Install the .NET Core Windows Server Hosting bundle.
- Go to your IIS Manager, Right click on Application Pools and select Add Application Pool.
- A dialog appears. Under Name enter PassCore Application Pool, Under .NET CLR Version select No Managed Code and finally, under Managed pipeline mode select Integrated. Click OK after all fields have been set.
- Now, right click on the application pool you just created in the previous step and select Advanced Settings .... Change the Start Mode to AlwaysRunning, and the Idle Time-out (minutes) to 0. Click on OK. This will ensure PassCore stays responsive even after long periods of inactivity.
- Back on your IIS Manager, right click on Sites and select Add Website
- A dialog appears. Under Site name, enter PassCore Website. Under Application pool click on Select and ensure you select PassCore Application Pool. Under Physical path, click on the ellispsis (...), navigate to the folder where you extracted PassCore.
- Important: Make sure the Physical path points to the parent folder which is the one containing the files, logs and wwwroot folders.
- NOTE: If the folder
logs
is not there you can created. To enable the logs you need to changestdoutLogEnabled
totrue
in theweb.config
file.
- Under the Binding section of the same dialog, configure the Type to be https, set IP Address to All Unassigned, the Port to 443 and the Host name to something like password.yourdomain.com. Under SSL Certificate select a certificate that matches the Host name you provided above. If you don't know how to install a certificate, please refer to SSL Certificate Install on IIS 8 or SSL Certificate Install on IIS 10 in order to install a proper certificate. Important: Do not serve this website without an SSL certificate because requests and responses will be transmitted in cleartext and an attacker could easily retrieve these messages and collect usernames and passwords.
- Click OK and navigate to https://password.yourdomain.com (the host name you previously set). If all is set then you should be able to see the PassCore tool show up in your browser.
NOTE: If you have a previous version, you can not use the same appsettings.json
file. Please update your settings manually editing the new file.
All server-side settings and client-side settings are stored in the /appsettings.json
file.
The most relevant configuration entries are shown below. Make sure you make your changes to the appsettings.json
file using a regular text editor like Visual Studio Code.
- To enable reCAPTCHA
- reCaptcha is enable in testing mode, please change the keys to use it with your application
- Find the
RecaptchaPrivateKey
entry and enter your private key within double quotes ("
) - Find the
SiteKey
entry and enter your Site Key within double quotes ("
)
- To change the language of the reCAPTCHA widget
- Find the
LanguageCode
entry and enter one of the options listed here. By default this is set toen
- Find the
- To enable the password meter
- Find the
ShowPasswordMeter
entry and set it totrue
(without quotes)
- Find the
- To disable the password meter
- Find the
ShowPasswordMeter
entry and set it tofalse
(without quotes)
- Find the
- To enable restricted group checking
- Find the
CheckRestrictedAdGroups
entry and set it totrue
(without quotes) - Find the
RestrictedADGroups
entry and add any groups that are sensitive. Accounts in these groups (directly or inherited) will not be able to change their password.
- Find the
- To provide an optional paramerter to the URL to set the username text box automatically
http://mypasscore.com/?userName=someusername
- This helps the user incase they forgot thier username and, also comes in handy when sending a link to the application or having it embeded into another application were the user is all ready signed in.
- The rest of the configuration entries are all pretty much all UI strings.
- Change them to localize or brand this utility to meet your needs
To run as a sub application you need to modify the base href="/"
value in the wwwroot/index.html
file to be the base url for PassCore. For example you might have PassCore setup at /PassCore so you would put
<base href="/PassCore/" />
- If you find a HTTP Error 502.5
- Ensure you have installed .NET Framework 4.6.1 or better
- If you find a HTTP Error 500 you can try
- Press Win Key+R to Open Run Window
- in the Run Window, enter "OptionalFeatures.exe"
- in the features window, Click: "Internet Information Services"
- Click: "World Wide Web Services"
- Click: "Application Development Features"
- Check the features.
- If your users are having trouble changing passwords as in issues #8 or #9 then try configuring the section
PasswordChangeOptions
in the/appsettings.json
file. Here are some guidelines:- Ensure
UseAutomaticContext
is set tofalse
- Ensure
LdapUsername
is set to an AD user with enough permissions to reset user passwords - Ensure
LdapPassword
is set to the correct password for the admin user mentioned above - User @gadams65 suggests the following: Use the FQDN of your LDAP host. Enter the LDAP username without any other prefix or suffix such as
domain\
or@domain
. Only the username.
- Ensure
PassCore is open source software and MIT licensed. Please star this project if you like it.