This concerned "Change Password" but then I came across a reference to the effect that once this feature was enabled, it also handled "Expired Password".
Now I tried this on Active Directory Federation Services on Server 2016 Technical Preview 4 (ADFS 4.0) but the article states that it works on ADFS 3.0 (Server 2012 R2) as well.
After logging in with an expired password. I got:
Very neat!
However, for "Forgotten Password" i.e. user requires a "Reset Password", you are out of luck.
You could configure one of the configurable strings using PowerShell to say something like "Forgot your password?" and then link that to a custom web site that you would have to create that talks to AD via LDAP.
Obviously there are security constraints with this e.g. you need something like "Secret Q & A".
Enjoy!
3 comments:
Do I have to add any claims to receive these values?
Do I have to add any claims to receive these values?
No.
Post a Comment