This feature is very vital when you have completely logged off your Windows PC and would like to reset it.
Here are the steps to have this completed. – Install the Windows Login Integration Client – After successfully installing this application, this functionality will be displayed close to your username on the logon screen “Password Reset”.
– Click on the Password Reset button as shown in the image above. This will prompt a web page as shown below. – Simply disregard the certificate warning and click on continue to proceed.
– Here enter your Domain username and click on proceed to the Security Questions
– As shown below, give the answers to the Challenge Certificate setup by you during the enrolment process.
Note: At least two minimum correct answers are required.
– Simply click on save ONLY in this step below and proceed to the next step.
– Enter the digits from Microsoft Google Authenticator as shown below and click on save.
– This will display a new Password Change window as shown below.
Enter the new Password
– Click on Password Change. After a successful password change, the following screen below will be displayed.
Note: To have the Password changed, you must be in compliance with the Password Policy. Also bear in mind you cannot change your password twice within 24 hours. This is due to the configured GPO.
Before proceeding to have your password reset, Users must first enroll in order to use the Self Service Active Directory Reset.
Users are not considered enrolled until they have fully set-up the Two Factor Authentication (2FA) and must have answered all the reset challenge questions as well. When you are logged in and currently not enrolled, the following link (banner) will be displayed as shown below.
Reset User Self Enrolment
follow these steps to complete your enrolment.
Click on this link and complete your
Setup Two Factor Authentication
answer and Challenge-Response
Note: After completing these tasks and
you wish to update your basic Information, Challenge questions and also have
your Two-Factor Authentication changed (modified), Please follow the steps
Clicking on your username
Click on Manage Account from the drop-down list.
Upon logging in with your Active Directory User Account, the following banner will be displayed as earlier discussed. – Click on the link as shown below
– This will open up the required configuration window as shown below.
– Click on enable two-factor provider and click on configure as shown below. Note: This step has to be completed first before proceeding to answer the challenge questions or else it will fail.
Currently, the Two-factor Authentication status shows Disabled. Click on Configure as shown above and enter the Configuration QR Code in your desired Authentication App.
Here I am using the Microsoft Authenticator, you can also use Google Authenticator etc.,
Note: You need to have any of this Authenticator already installed to perform this operation. Here are the steps for setting up Microsoft Authenticator. If you already have this setup, kindly skip this part.
- Launch the Microsoft Authentication App
- Tap the three dot menu button and
- Select Add Account
- Click on Other accounts (google, Facebook, etc.,),
Since we do not have the QR code to scan we will have to type this in manually.
- Click on Enter the Code Manually.
- Set the Account name:
Enter the “The Secret Key”: This is the value for this user as shown in the image above ENXXXXXXXXXXXXXXXXXXXX2E4TM
- Click on Finish. If successful, this message will be displayed.
Next, enter the 6 digits token generated from the Microsoft Authentication App as shown below
– Next click on Verify. This will display the next window below showing the Authentication Application is Configured Correctly and the status changed from Disabled to Enabled.
Next would be to set and answer the Challenge Questions (currently configured to have at least two minimum questions answered out of the three questions).
Enter your desired answers as shown in the below
Then click on Save.
Now you are fully enrolled as a Reset Password User and can now reset your password using any of the steps discussed in the next chapter (below). Also, this will eradicate the warning displayed as not enrolled yet.