# IISADMPWD – Active Directory Password Change Portal for Modern Windows Server This project restores the classic **IISADMPWD password change functionality** on modern Windows Server versions (2008/2012/2016/2019/2022+) and provides a slightly modernized UI. It allows domain users to **change their Active Directory password through a web portal**. Microsoft deprecated this feature after **IIS 6**, so it is no longer available in clean Windows Server installations. This repository provides the required files and instructions to restore the functionality. ## Features - Active Directory password change via web UI - Compatible with modern Windows Server versions - Works behind reverse proxies such as Caddy, Nginx, and Traefik - Updated UI with a more modern look - Lightweight, with no external dependencies - No visible internal IIS path required for end users ## Architecture Example ```text User │ ▼ https://password.example.com │ ▼ Reverse Proxy (Caddy / Nginx / Traefik) │ ▼ IIS Server /reset-password ``` External users only see: ```text https://password.example.com ``` The internal IIS path remains hidden. ## Installation ### 1. Copy the files Copy the repository contents to your IIS server: ```text C:\inetpub\wwwroot\reset-password ``` The folder structure should look similar to: ```text reset-password ├─ aexp2.htr ├─ aexp2b.htr ├─ aexp3.htr ├─ aexp4b.asp ├─ achg.asp ├─ achg.htr ├─ iisadmpwd.htr └─ iispwchg.dll ``` ### 2. Register the password change DLL Open an **elevated command prompt** and run: ```cmd regsvr32 C:\inetpub\wwwroot\reset-password\iispwchg.dll ``` You should receive a success message similar to: ```text DllRegisterServer in iispwchg.dll succeeded ``` ### 3. Enable password change functionality Navigate to the IIS AdminScripts directory: ```cmd cd C:\Inetpub\Adminscripts ``` Then run: ```cmd cscript adsutil.vbs set w3svc/passwordchangeflags 0 ``` #### PasswordChangeFlags values | Value | Description | |------:|-------------| | 0 | Default – password changes enabled | | 1 | Allow password changes without SSL | | 2 | Disable password change | | 4 | Disable password expiration notifications | Recommended value: ```text 0 ``` ### 4. Enable Classic ASP This application requires **Classic ASP**. Install the feature using PowerShell: ```powershell Install-WindowsFeature Web-ASP ``` Or via **Server Manager**: ```text Web Server → Application Development → Classic ASP ``` ### 5. Create the IIS application Open **IIS Manager** and navigate to: ```text Sites → Default Web Site ``` Right click **Default Web Site** and select **Add Application**. Use the following values: **Alias** ```text reset-password ``` **Physical Path** ```text C:\inetpub\wwwroot\reset-password ``` **Application Pool** ```text DefaultAppPool ``` Click **OK**. ### 6. Restart IIS ```cmd iisreset ``` ## Local Test Open one of the following URLs in your browser: ```text http://SERVER/reset-password ``` or ```text http://SERVER/reset-password/aexp4b.asp ``` ## Reverse Proxy Example (Caddy) This example exposes the portal at: ```text https://password.example.com ``` while internally running under: ```text /reset-password ``` Example Caddy configuration: ```caddy password.example.com { handle { rewrite * /reset-password{uri} reverse_proxy :80 { header_up Host {host} header_up X-Forwarded-Host {host} header_up X-Forwarded-Proto https header_up X-Forwarded-Port 443 header_up X-Forwarded-For {remote_host} } } } ``` Users only access: ```text https://password.example.com ``` ## Security Notes - Always place the portal behind **HTTPS** - Prefer a reverse proxy with **TLS termination** - Consider restricting access to **internal networks or VPN** - Do not expose the portal publicly without proper access controls ## Supported Windows Versions Tested with: - Windows Server 2012 - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 ## Disclaimer This project restores functionality from deprecated IIS components originally shipped with **Windows Server 2003**. Use at your own risk. ## License Provided as-is for educational and administrative purposes.