Password Expiry tool for WVD?

Our company is moving away from VMware Horizon to WVD. Going live this week we have run into an issue where 3rd parties that use our systems are unable to update expired passwords.
Each person has to call our Servicedesk and request the password is changed on their behalf.
Horizon has a built-in mechanism for updating expired passwords. Is there something built into WVD / Remote desktop client that offers the same service?

1 Reply

Are you using a Domain Controller with AD Connect or AADDS to sync your identities?

I'm assuming a normal Domain Controller since you mentioned your service desk manually resetting the passwords.

The problem is that the expiration policy isn't synced from AD to AzureAD. But if you have at least an AzureAD tenant with a P1 license then you can set an Expiration Policy on AzureAD and have it sync back the passwords when they are changed to AD with the Writeback setting. Just make sure to disable the Expiration Policy on the regular AD.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writebac...

If you don't want to change the on-prem policy then I believe Passthrough authentication (passwords are checked on your on-prem AD instead of AzureAD and are subject to local policies) can help here as well. You also need a valid license for doing Self Service Password Reset:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq#what-happens-i...