I need help regarding this problem. I have a Cisco ASA5510 firewall that has SSL Web VPN functionality and is utilizing an AD server as the authentication server for users. However, we have a policy to change passwords at a certain point in time. Users in the office have no problem. They just log in to their PC and change their password. Users outside of the office are a pain when their password has expired. Is it possible for them to change their AD password through the VPN using Cisco AnyConnect? If yes, can you show me how?
Yes, you can configure the "password-management" command.
Here is the command for your reference:
Hope that helps.
If your AD is acting as an LDAP server and listening on port TCP 636, then this is what you need to configure:
However, if AD is acting as a RADIUS server (like MS IAS or NPS), then you just need to issue "password-management" under the respective tunnel-group on the ASA.
The only difference between the two setups is that with LDAP, the end user will get a warning before the password expires, and with RADIUS the user will be prompted to change the password on the very last day.
Let us know if you have any doubt.
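The two setups described in the reply above, written out as an ASA configuration sketch. This is an added example, not the configuration posted by either participant. The server-group names, tunnel-group names, IP address, DNs, bind password and the 14-day warning window are all placeholders, and the RADIUS server group AD_RADIUS is assumed to be defined elsewhere.

```cisco
! Added example: every name, address, DN and value below is a placeholder.
! --- AD reached as LDAP over SSL on TCP 636 ---
aaa-server AD_LDAPS protocol ldap
aaa-server AD_LDAPS (inside) host 192.0.2.10
 server-port 636
 ldap-over-ssl enable
 server-type microsoft
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-account-password>
!
tunnel-group REMOTE_USERS general-attributes
 authentication-server-group AD_LDAPS
 ! LDAP only: warn the user this many days before the password expires
 password-management password-expire-in-days 14
!
! --- AD reached through RADIUS (IAS/NPS): no advance warning ---
tunnel-group REMOTE_USERS_RADIUS general-attributes
 authentication-server-group AD_RADIUS
 password-management
```

For the LDAP variant, the bind account named in `ldap-login-dn` needs the right to change user passwords in AD, so scope it to the OUs that hold VPN users rather than granting it domain-wide.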