Node Password Reset

A modern password change and reset interface for Active Directory using Node.js.


  1. Ensure Node.js and NPM are installed.
  2. Download or clone this repository.
  3. Run npm install from the project’s root directory to install required modules.
  4. Create a file called “config.json” in the project’s root directory and specify the required configuration fields.
  5. Start the server with node index.js from the project’s root directory. A process manager such as PM2 can be used to run the server as a background process.


If HTTPS is used then a PEM formatted certificate and private key should be placed in the root directory as “cert.pem” and “key.pem”. If LDAP requires additional certificates they should be passed in the environment variable “NODE_EXTRA_CA_CERTS”.


Configuration options are stored in the JSON file “config.json” in the root directory. All fields are required unless marked as optional. Possible fields are listed below:


Port to use for the HTTP web interface. If httpsPort is specified then this will be used for redirection to HTTPS.

httpsPort (optional)

Port to use for the HTTPS web interface. If not specified, the web interface will be run over HTTP.

baseUrl (optional)

Used if running behind a reverse proxy or other situations where the ports are not directly accessible to the user.


Array of LDAP server hostnames such as “”. The port can be omitted if the default is used. Always uses LDAPS to connect regardless of port.


Appended to the end of usernames for authentication. An “@” symbol is inserted between the username and suffix. For example: “username” becomes “[email protected]”. Usually set to the UPN suffix or NetBIOS name.


Base DN to use for LDAP searches such as “DC=ad,DC=example,DC=com”.


When a password is reset, the user’s password is set to a random string of alphanumeric characters. If this does not match the password complexity requirements then a prefix can be used, otherwise use an empty string.


Sets the length of the random string of characters to use as a temporary password when the user’s password is reset.

debug (optional)

When true view templates will not be cached and verbose error messages will be shown.



The logo can be customised by replacing “static/logo.svg” with the desired logo. If this isn’t available in SVG format then “views/layout.pug” can be modified to change the file extension.


The icon can be customised by replacing “static/icon.png” with the desired icon. If another format is required then the file extension can be changed in “views/layout.pug”.


The file “views/layout.pug” can be modified to change the title.


Colours are specified within the “:root” element of “static/style.css” which can be modified if required.


Password Change

A user’s password can be changed from the main page. The user must have permission in Active Directory to change their password.

Password Reset

A password reset token can be generated from the “/reset” page. The user generating the reset token must have permission within Active Directory to reset the target user’s password. The user is assigned a temporary password which is stored with the token in the “tokens.json” file.


View Github