https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852151#M956938 <HTML><HEAD></HEAD><BODY><P>This is the command you are looking for. </P><P></P><P>password-management </P><P></P><P><A class="jive-link-custom" href="http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267" target="_blank">http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267</A> </P><P></P><P>Once enabled on the firewall all you have to do is make sure you are allowing mschap v2 in your remote access policy on IAS server. </P><P></P><P>When the user connects to the vpn and their password has expired, it will prompt them to change their password. </P><P></P><P>hostname(config)# tunnel-group group-name general-attributes </P><P>hostname(config-tunnel-general)# password-management </P><P></P><P>There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.</P><P></P><P>See this post also...</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Virtual%20Private%20Networks&amp;topic=Network%20Management&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Virtual%20Private%20Networks&amp;topic=Network%20Management&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144</A></P><P></P><P></P></BODY></HTML> Wed, 16 Jan 2008 14:13:33 GMT acomiskey 2008-01-16T14:13:33Z https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852150#M956937 <P>Hi everyone,</P><P></P><P>I have a question that I hope you will answer for me. I'm running an ASA (8.0.2) and using the local Active Directory to authenticate the users while connecting with the VPN-Client and the Web SSL. So far so good, but is there any chances for the users to change the Active Directory password either from the VPN-Client or the Web SSL?</P><P></P><P>Kind regards</P><P>Per</P> Mon, 11 Mar 2019 11:49:03 GMT https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852150#M956937 ptenggren 2019-03-11T11:49:03Z https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852151#M956938 <HTML><HEAD></HEAD><BODY><P>This is the command you are looking for. </P><P></P><P>password-management </P><P></P><P><A class="jive-link-custom" href="http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267" target="_blank">http://cisco.com/en/US/docs/security/asa/asa71/command/reference/p_711.html#wp1643267</A> </P><P></P><P>Once enabled on the firewall all you have to do is make sure you are allowing mschap v2 in your remote access policy on IAS server. </P><P></P><P>When the user connects to the vpn and their password has expired, it will prompt them to change their password. </P><P></P><P>hostname(config)# tunnel-group group-name general-attributes </P><P>hostname(config-tunnel-general)# password-management </P><P></P><P>There is also a checkbox in the remote access policy in IAS to "allow user to change password after it expires"...check it.</P><P></P><P>See this post also...</P><P></P><P><A class="jive-link-custom" href="http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Virtual%20Private%20Networks&amp;topic=Network%20Management&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144" target="_blank">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&amp;forum=Virtual%20Private%20Networks&amp;topic=Network%20Management&amp;CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf3144</A></P><P></P><P></P></BODY></HTML> Wed, 16 Jan 2008 14:13:33 GMT https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852151#M956938 acomiskey 2008-01-16T14:13:33Z https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852152#M956939 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Thanks a lot!</P><P></P><P>Kind regards</P><P>Per</P></BODY></HTML> Wed, 16 Jan 2008 14:19:04 GMT https://community.cisco.com/t5/network-security/change-active-directory-password/m-p/852152#M956939 ptenggren 2008-01-16T14:19:04Z