Guidance on Implementing a Multi-Domain Active Directory "Forgot Password" Workflow

Hi everyone,

I need some guidance on implementing a “Forgot Password” feature for users with accounts across multiple Active Directory domains.

The Requirements:

  • When a user clicks the Forgot Password link on the homepage, they should be directed to a form where they can select the domain for which they wish to reset their password.
  • Once they select the domain and enter their username (or email), the password reset process should only apply to the selected domain.

Key Questions:

  1. Do I need to set up Pass-through Authentication (PTA) for all the domains?
    I understand that PTA could be useful for seamless authentication between on-prem AD and Azure AD, but is it required if we’re only performing password resets in multiple AD domains?

  2. Custom Workflow
    I’m considering implementing a custom workflow triggered by the “Forgot Password” link. The workflow would:

    • Allow the user to choose their domain.
    • Verify their identity (via security questions, OTP, etc.).
    • Trigger the password reset in the appropriate Active Directory domain.

    I’d love to get feedback on this approach or hear suggestions for handling multi-domain AD password resets in a secure and efficient way.

Looking forward to hearing your thoughts and any tips you might have on how best to implement this!

I’ll keep you all posted on my progress.

Thanks in advance!
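One way to sketch the three workflow steps above (choose domain, verify identity, reset in that domain only), as an added example in Python that is not the poster's application; the domain table, the OTP lifetime and the injected `reset_fn` are assumptions, and a real deployment would back `reset_fn` with an LDAP/AD call:

```python
import hmac
import secrets
import time

# Constructed allowlist: the user picks a *name* from this table and the app maps it to a
# DC and search base it controls, so user input never selects an arbitrary LDAP server.
DOMAINS = {
    "corp.example.com": {"dc": "dc1.corp.example.com", "base_dn": "DC=corp,DC=example,DC=com"},
    "lab.example.com":  {"dc": "dc1.lab.example.com",  "base_dn": "DC=lab,DC=example,DC=com"},
}
OTP_TTL_SECONDS = 300  # assumed lifetime of a one-time code


class PasswordResetWorkflow:
    def __init__(self, reset_fn, now=time.time):
        # reset_fn(dc, base_dn, username, new_password) performs the directory write;
        # it is injected here so the workflow itself can run without a domain controller.
        self._reset_fn = reset_fn
        self._now = now
        self._pending = {}  # (domain, username) -> (otp, expiry)

    def start(self, domain, username):
        """Step 1: accept only an allowlisted domain and issue a short-lived OTP."""
        if domain not in DOMAINS:
            raise ValueError("unknown domain")
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[(domain, username)] = (otp, self._now() + OTP_TTL_SECONDS)
        # The OTP is returned so the caller can deliver it out of band (email/SMS);
        # the HTTP response to the browser should not reveal whether the user exists.
        return otp

    def complete(self, domain, username, otp, new_password):
        """Steps 2 and 3: verify the OTP, then reset in the selected domain only."""
        # One attempt per issued code: a wrong guess or a replay invalidates it.
        entry = self._pending.pop((domain, username), None)
        if entry is None:
            return False
        expected, expiry = entry
        if self._now() > expiry or not hmac.compare_digest(expected, otp):
            return False
        target = DOMAINS[domain]  # the DC/base DN come from the table, never from the request
        self._reset_fn(target["dc"], target["base_dn"], username, new_password)
        return True
```

The pending state is keyed by (domain, username), so an OTP issued for one domain cannot complete a reset in another.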

As promised, I’m providing an update on my progress following my previous query.

I’ve successfully developed a standalone application using the MVC (Model-View-Controller) architecture. Unfortunately, I am unable to share the code, as this application was developed specifically for my project. However, I would like to share the idea behind it, in case it might be useful or inspire others.

While I can’t share the codebase, I’m open to collaborating with the community on this concept and would be happy to work with anyone interested in contributing or discussing potential improvements.

Looking forward to hearing your thoughts!
