Users can change their user password through the UAG portal. Providing this functionality, it is mandatory that the Active Directory configuration is using a hostname or fully qualified domain name instead of an IP-address. See Configuring Active Directory authentication for more information. It is also required to enable the account used as Server access credentials in the UAG Active Directory configuration with extended permissions. Follow these steps to allow the Server access credentials changing user passwords.
- Start the Active Directory Users and Computers management console (dsa.msc).
- Select the OU where the server access credentials should have change password permissions.
- Right-click the OU and select Delegate Control from the context menu.
- Click Next to start the delegation wizard.
- Click Add to specify the user account that is used as Server access credentials in UAG.
- Click Next to continue.
- In the Tasks to Delegate select Create a custom task to delegate and click Next
- In the Active Directory Object Type dialog, select Only the following objects in the folder and mark User Objects. Click Next to continue.
- In the Permissions dialog, mark General and mark Change Password. Click Next to continue the wizard.
UAG engineering blog 