Friday, August 17, 2012

Enable expired password change feature in Outlook Web App

One of the enhancements introduced with Exchange 2010 SP1 and Exchange 2007 SP3 is the ability to change expired passwords using OWA.

This feature is disabled by default. You can enable it by creating a registry value on all Client Access Servers (CASs) within your Exchange organization; the value has the following settings:

Adding this value can be simplified by executing the following command at an elevated command line:

Reg Add "HKLM\System\CurrentControlSet\Services\MSExchange OWA" /V ChangeExpiredPasswordEnabled /t Reg_DWORD /d 1


Once the command has executed successfully, the value will be in place.

All that remains after setting the DWORD value is to reset IIS. The recommended method is to run IISReset /noforce from a command prompt. After that, OWA users will be able to renew their expired passwords via OWA. This also works for users whose accounts are configured to change their password on next logon (User must change password at next logon in ADUC).
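The steps above have to be repeated on every CAS, so here is an added example (not part of the original post) that reports the value on each server and, with -Enable, sets it and runs IISReset /noforce. It assumes PowerShell remoting is enabled on the servers and sticks to PowerShell 2.0 syntax; the server names CAS01 and CAS02 are placeholders.

```powershell
# Added example: audit (and optionally set) ChangeExpiredPasswordEnabled on each CAS.
# Assumptions: PowerShell remoting is enabled; CAS01/CAS02 are placeholder names.
param(
    [string[]]$ComputerName = @('CAS01', 'CAS02'),
    [switch]$Enable    # without -Enable the script only reports, it changes nothing
)

$check = {
    param([bool]$Enable)
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
    $name = 'ChangeExpiredPasswordEnabled'

    if (-not (Test-Path $key)) {
        # No OWA service key on this machine, so there is nothing to configure.
        return New-Object PSObject -Property @{ Value = $null; Status = 'OWA service key not found' }
    }

    # A missing value yields $null, which means the feature is still at its default (off).
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $status  = 'unchanged'

    if ($Enable -and $current -ne 1) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        # Same restart the post recommends; OWA reads the value after IIS restarts.
        iisreset /noforce | Out-Null
        $status  = if ($LASTEXITCODE -eq 0) { 'set to 1, IIS reset' } else { 'set to 1, IIS reset FAILED' }
        $current = (Get-ItemProperty -Path $key -Name $name).$name
    }
    New-Object PSObject -Property @{ Value = $current; Status = $status }
}

foreach ($server in $ComputerName) {
    try {
        $r = Invoke-Command -ComputerName $server -ScriptBlock $check `
                            -ArgumentList $Enable.IsPresent -ErrorAction Stop
        New-Object PSObject -Property @{ Server = $server; Value = $r.Value; Status = $r.Status }
    } catch {
        # Unreachable host or access denied: report it instead of silently skipping the server.
        New-Object PSObject -Property @{ Server = $server; Value = $null; Status = "error: $($_.Exception.Message)" }
    }
}
```

Run it once without -Enable to see which servers already carry the value, since the IIS reset interrupts active OWA sessions on every server it changes.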


Bonus:

Exchange 2010 Service Pack 1 Update Rollup 3 and later supports using a UPN (e.g. itguy@itguydiaries.net) in the change password dialog. Also, please see our TechNet documentation on the subject.