Custom password workflow

Team, I have a requirement as below. Let me know if you have any suggestions.

Users have a standard account and an admin account (which is used to log in to servers or DCs). Our helpdesk team has access to reset the password for any account. We would like to restrict this so that agents do not see the admin account password during a reset. The agent needs to initiate or generate a process which should alert or send mail to the user. Once the user has approved, the password needs to be changed by the tool and sent back to the user's mail address without any manual intervention.