When implementing a custom authentication mechanism, you will also have to disable the change password and signup features and ensure these are implemented manually. To do this, go to the Advanced area under the Application record, and change the "Disallow Password Change" setting to Yes. Also, under the Application settings itself set "Allow User Signup" to No.

 You can then add your own Update Password action on the Users tab.

 The Update Password action could utilize the Active Directory function in DbfScript to modify the password:

 call domain:ChangePassword("domain", "user", "oldpassword", "newpassword", "domainadmin", "domainadmin_password")

 Here you will replace domain with the name of the domain, user with the name of the user whose password you are changing, oldpassword is the old password (or Nothing() if you are setting the password), newpassword is the new password. You will also have to specify the domain administrator login name and their password. You may want to store this in the database for security purposes.

 There are two common problems that arise with modifying the password:

 1. By default, Active Directory only allows a password to change once a day. Change the default domain group policy so that the Minimum Password Age is 0 days if you wish to allow your users to update their password more than once per day.

 2. If you specify Nothing() for the oldpassword, this will require a special permission to be added to the user. Add the Reset Password permission to each user as follows: First you have to go to Active Directory Users and Computers. Then go to View / Advanced Features. Then right click on the user and go to properties. Then go to the Security tab. Then scroll down to the property "Reset Password" and check "Allow". Please refer to the Active Directory support website for further information.