Exchange admins who have been in the field for a while will have come across the end user difficulties of not being able to change their passwords using OWA when either the password has expired or the admin has forced for a password reset at login. Though there were workarounds in previous versions of Exchange, no work was done by the product group to make it an Exchange feature which can be turned on or off.
Exchange 2007 SP3 brings this feature to the table. The option is disabled by default and can be turned on with a registry edit on the CAS server.
To enable the password reset feature,
- Log on to the CAS server with an admin account.
- In registry editor, navigate to HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA
- Create the following DWORD value if it does not already exist. DWORD Name – ChangeExpiredPasswordEnabled, type - REG_DWORD and data set to 1.
- If the DWORD already exists, change the value from zero to one.
- Reset IIS from command prompt.
Users can now change their expired passwords or forced password reset through OWA. This is a big relief for mobile users. In my opinion, this feature should be enabled by default.