We're trying to implement a php-based active directory password reset for our local intranet. One of the major requirements is that it respects the password policies set up in AD.
I've got a solution working well for when a user wants to reset their password, and they know their old password - essentially just a remove/add batch.
However, I'm having trouble figuring out a solution for when a user has forgotten their password. Because we don't know the old password, we'd have to do an administrative reset, but that doesn't respect the password policy. Alternatively, we could administratively reset the password, and then immediately force the user change their password. Unfortunately, doing two password resets in a row would force us to have the 'password minimum age' requirement turned off.
It seems like this has to be a typical use-case, so I'm guessing I'm just missing something obvious?
Thanks!