Password expiry outside of domain

Sam Blackwood 1 Reputation point
2020-03-20T12:18:45.733+00:00

Due to the current situation around the world my whole company is required to work from home. I have been informed that several users passwords are due to expire in the next few days.

If the user isn't connected to the domain then will their password actually expire? And if so then is there a way to reset it without been on the domain?

We have tried to reset the password but it won't allow it while outside of the domain.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,421 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. soumi-MSFT 11,786 Reputation points Microsoft Employee
    2020-03-20T12:32:28.95+00:00

    @Sam Blackwood , I believe you are talking about resetting the password for your users in On-Prem Active Directory. If yes, then you wont be able to reset the password until the machine on which user is trying to reset the password is able to speak to a domain controller in your domain. Also, the password would expire based on the password expiry time limit set in your group policies.

    In case users are not connected to the domain, they might not be able to find out that their password has already expired, but once they get connected back to their domain, then the old passwords would fail since already expired.

    One solution is to deploy VPN solutions so that when users are working from home they can connect to VPN which would allow them to get connected to your internal organization network and they can reset their password as an when required even while working from home.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.


  2. Vasil Michev 109.4K Reputation points MVP
    2020-03-20T12:44:11.27+00:00

    That's where the password writeback feature comes in: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
    Assuming you are already using Azure AD, that is. Similarly, you can use the password change page on and AD FS install: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/update-password-customization


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.