4.2 KiB
IISADMPWD – Active Directory Password Change Portal for Modern Windows Server
This project restores the classic IISADMPWD password change functionality on modern Windows Server versions (2008/2012/2016/2019/2022+) and provides a slightly modernized UI.
It allows domain users to change their Active Directory password through a web portal.
Microsoft deprecated this feature after IIS 6, so it is no longer available in clean Windows Server installations. This repository provides the required files and instructions to restore the functionality.
Features
- Active Directory password change via web UI
- Compatible with modern Windows Server versions
- Works behind reverse proxies such as Caddy, Nginx, and Traefik
- Updated UI with a more modern look
- Lightweight, with no external dependencies
- No visible internal IIS path required for end users
Architecture Example
User
│
▼
https://password.example.com
│
▼
Reverse Proxy (Caddy / Nginx / Traefik)
│
▼
IIS Server
/reset-password
External users only see:
https://password.example.com
The internal IIS path remains hidden.
Installation
1. Copy the files
Copy the repository contents to your IIS server:
C:\inetpub\wwwroot\reset-password
The folder structure should look similar to:
reset-password
├─ aexp2.htr
├─ aexp2b.htr
├─ aexp3.htr
├─ aexp4b.asp
├─ achg.asp
├─ achg.htr
├─ iisadmpwd.htr
└─ iispwchg.dll
2. Register the password change DLL
Open an elevated command prompt and run:
regsvr32 C:\inetpub\wwwroot\reset-password\iispwchg.dll
You should receive a success message similar to:
DllRegisterServer in iispwchg.dll succeeded
3. Enable password change functionality
Navigate to the IIS AdminScripts directory:
cd C:\Inetpub\Adminscripts
Then run:
cscript adsutil.vbs set w3svc/passwordchangeflags 0
PasswordChangeFlags values
| Value | Description |
|---|---|
| 0 | Default – password changes enabled |
| 1 | Allow password changes without SSL |
| 2 | Disable password change |
| 4 | Disable password expiration notifications |
Recommended value:
0
4. Enable Classic ASP
This application requires Classic ASP.
Install the feature using PowerShell:
Install-WindowsFeature Web-ASP
Or via Server Manager:
Web Server
→ Application Development
→ Classic ASP
5. Create the IIS application
Open IIS Manager and navigate to:
Sites
→ Default Web Site
Right click Default Web Site and select Add Application.
Use the following values:
Alias
reset-password
Physical Path
C:\inetpub\wwwroot\reset-password
Application Pool
DefaultAppPool
Click OK.
6. Restart IIS
iisreset
Local Test
Open one of the following URLs in your browser:
http://SERVER/reset-password
or
http://SERVER/reset-password/aexp4b.asp
Reverse Proxy Example (Caddy)
This example exposes the portal at:
https://password.example.com
while internally running under:
/reset-password
Example Caddy configuration:
password.example.com {
handle {
rewrite * /reset-password{uri}
reverse_proxy <ip-address>:80 {
header_up Host {host}
header_up X-Forwarded-Host {host}
header_up X-Forwarded-Proto https
header_up X-Forwarded-Port 443
header_up X-Forwarded-For {remote_host}
}
}
}
Users only access:
https://password.example.com
Security Notes
- Always place the portal behind HTTPS
- Prefer a reverse proxy with TLS termination
- Consider restricting access to internal networks or VPN
- Do not expose the portal publicly without proper access controls
Supported Windows Versions
Tested with:
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
Disclaimer
This project restores functionality from deprecated IIS components originally shipped with Windows Server 2003.
Use at your own risk.
License
Provided as-is for educational and administrative purposes.