We require our users to change their password periodically like most organizations. I’m also sure like other organizations, our users typically ignore the warnings when logging in until they are no longer able to login. As an added awareness, we have scripts that run daily and send emails to users who’s passwords are getting ready to expire. That email contains the steps to use OWA to reset their passwords in the event someone is out of the office when this process begins. However, we still had staff that waited until their passwords expired and then they had to call in to get it reset.
To work around this we made some changes to OWA so that if a users password expired, or we set the option to require a password change at next logon they could change the password while out of the office.
On each of your Exchange 2013 CAS servers do the following:
- Open the Registry Editor (regedit.exe).
- Browse to: HKey_Local_Machine\System\CurrentControlSet\Services\MS Exchange OWA
- Add or edit the REG_DWORD entry “ChangeExpiredPasswordEnabled” and set it to “1”
- Open IIS Admin Console
- Expand ServerName, Sites, Default Web Site and click on OWA
- Click “HTTP Redirect” and make sure “Redirect requests to this destination” is not checked.
- Click on OWA (in the left pane), and then click “Authentication”
- Select Basic Authentication and click Edit.
- Set the “Default Domain” to your domain name and click OK.
- Start Command Prompt as Administrator
- Enter: iisreset /noforce
Now when a user’s password expires, you can direct them to your OWA login page. They can type in their username and their most recent password. If the password has expired, they will be given the option to change the password.
Source: www.petri.com
Be First to Comment