Exchange Server 2010 Service Pack 1 and Exchange Server 2007 Service Pack 3 (running on Windows Server 2008 or Windows Server 2008 R2) have a new feature that will allow users with expired passwords to change their password. This also works for users who have their accounts configured to change password on next logon (User must change password at next logon in ADUC).
Use this procedure to enable it on Exchange 2007 SP3 and Exchange 2010 SP1 Client Access servers:
Note: If you are using a CAS Array, you must perform these steps on each CAS in the array.
- On the Client Access Server (CAS), click Start > Run and type regedit.exe and click OK.
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
- Right click the MSExchange OWA key and click New > DWord (32-bit).
- The DWORD value name is ChangeExpiredPasswordEnabled and set the value to 1.
Note: The values accepted are 1 (or any non-zero value) for “Enabled” or 0 or blank / not present for “Disabled”
- After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
Important: When changing passwords, users can’t use a UPN (for example, firstname.lastname@example.org) in the Domain\user name field in the Change Password window shown below, unless E2010 SP1 RU3 or later has been deployed on the Client Access servers.