Change domain password from non-domain computer (AD)

I have a domain controller on Windows Server 2008. When I set up my users, I gave them all a dummy password with the "must change on next login" option checked.

Everyone's machines are all on the same network as the domain controller, but we are not forcing them to join their computers to the domain. The DC has a website which requires the use of domain accounts to access it.

How do I tell my users to change their domain passwords without connecting their PC to the domain or making them log in to a machine on the domain? I do not want anything I will have to install on each client to allow them to change their passwords (I have a password expiration policy). Most of these workstations are XP.


I downloaded a web-based password change application from http://www.netwrix.com/. I could have built one, but I don't exactly have the time. They have a freeware version that does what I need. It's in ASP.NET, so I was able to modify the aspx pages/layout to customize the look a little.


If you also use Exchange in your environment, depending on the version of Exchange, you may be able to implement this using OWA.

I'm guessing that the website that runs from the DC doesn't allow a change password dialog of any kind when users connect with their current passwords?

For example, one of the environments I support has Exchange 2007 on the back end. This morning I set myself to "Must change password on next login", waited a few minutes, and then logged into OWA. It let me in without changing my password, but gave me a message saying, "Your password expires today, would you like to change it now?"

This seems to be the way OWA works - when I reconnected to the server it forced me to change my password immediately, whereas OWA let me see my inbox and offered me a chance to change my password since it was expired.