Change Password Option in StoreFront Not Shown, Available Only for Admins

Article ID: CTX225873

Description

The Change Password option in StoreFront is not shown for users who are not domain admins, but it is shown for domain admins.

Resolution

Set permissions in AD as described in this Microsoft article: https://support.microsoft.com/en-us/kb/2281774

The users' AD accounts need READ access to the following objects:

  • Domain Root Object: The caller looks up the primary domain of the Domain Controller and opens the domain for reading, which in turn opens the AD object for the domain, like DC=contoso,dc=com.
  • Builtin container: This is the root object of the builtin domain. It is opened because the caller wants to verify its existence, so the caller needs read access to the container CN=Builtin,DC=contoso,dc=com.
  • SAM server object: This object stores general permissions for SAM account access and enumeration. It is used on certain calls only. The object name is cn=server,cn=system,DC=contoso,dc=com.
As stated in the Microsoft article: "In most Active Directory domains, permissions to these objects are granted based on the membership in generic groups like 'Authenticated Users', 'Everyone' or the 'Pre-Windows 2000 Compatible Access' group". If possible, restore the Read permissions of these groups and/or add the user accounts back to these groups.

If that is not possible:
  1. In Active Directory Users and Computers select View -> Advanced Features
  2. Create a new AD group containing the users that need access to the Change Password feature
  3. Right-click the domain root object -> Properties -> Security
  4. Add the new AD group with Read permissions -> Apply -> OK
  5. Right-click the Builtin container -> Properties -> Security
  6. Add the new AD group with Read permissions -> Apply -> OK
  7. Select the System container -> Right-click the Server (samServer) object -> Properties -> Security
  8. Add the new AD group with Read permissions -> Apply -> OK
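To verify the result of steps 1-8 without clicking through ADUC, the following PowerShell script is an added example (not part of this Citrix article). It checks whether the new group, or one of the generic groups named in the Microsoft article, holds Read on the three objects, and reports any Deny entries that touch read rights. It assumes the ActiveDirectory module (RSAT) and the AD: drive it registers; the group name is a placeholder.

```powershell
# Added example, not from the Citrix article. Audits Read access on the three AD
# objects the StoreFront Change Password feature depends on.
# Assumes the ActiveDirectory module (RSAT) and its AD: PSDrive are available.
param(
    [string]$Principal = "CONTOSO\StoreFront-ChangePwd"   # placeholder: group from step 2
)
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$targets = [ordered]@{
    "Domain root"       = $domainDn
    "Builtin container" = "CN=Builtin,$domainDn"
    "SAM server object" = "CN=Server,CN=System,$domainDn"
}
# Groups that normally carry Read on these objects, per the referenced Microsoft article
$defaultGroups = @("NT AUTHORITY\Authenticated Users", "Everyone",
                   "BUILTIN\Pre-Windows 2000 Compatible Access")

# ADUC's "Read" checkbox maps to GenericRead; ReadProperty alone also covers these lookups
$readMask = [System.DirectoryServices.ActiveDirectoryRights]'GenericRead, ReadProperty'

foreach ($entry in $targets.GetEnumerator()) {
    # Get-Acl on the AD: drive returns the object's DACL as ActiveDirectoryAccessRule entries
    $acl      = Get-Acl -Path "AD:\$($entry.Value)"
    $readAces = $acl.Access | Where-Object { ($_.ActiveDirectoryRights -band $readMask) -ne 0 }
    $allowed  = $readAces | Where-Object AccessControlType -eq 'Allow' |
                ForEach-Object { $_.IdentityReference.Value }
    $denied   = $readAces | Where-Object AccessControlType -eq 'Deny' |
                ForEach-Object { $_.IdentityReference.Value }

    $viaDefaults = @($defaultGroups | Where-Object { $allowed -contains $_ })
    [pscustomobject]@{
        Object          = $entry.Key
        DN              = $entry.Value
        GroupHasRead    = ($allowed -contains $Principal)
        DefaultsWithRead = ($viaDefaults -join ', ')
        ReadGranted     = ($allowed -contains $Principal) -or ($viaDefaults.Count -gt 0)
        DenyEntries     = (($denied | Sort-Object -Unique) -join ', ')
    }
}
```

Any row with ReadGranted false, or with a Deny entry covering a group the users belong to, points at the object whose permissions still need fixing.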

Problem Cause

Active Directory permissions have been locked down.

Issue/Introduction

The Change Password option in StoreFront is not shown for normal users, but it is shown for admins.

Additional Information

Note: Applicable to Windows Server 2016 DCs and above.

"Authenticated Users" may also need to be added to the following security setting in the GPO:
"Network access: Restrict clients allowed to make remote calls to SAM"

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Restrict clients allowed to make remote calls to SAM"