Perhaps I am mistaken again but we wanted a web app that users could use to change their password if they knew it or use some knowledge to reset their password if they forgot it in Active Directory. Everything I read on the subject indicated that had to be done over LDAP.