Exchange 2010 SP1 Password Reset Tool
Now that SP1 for Exchange 2010 has been released, it is time to start exploring some of the new features. The first in line is the newly released password reset tool (this was also included in Exchange 2007 SP3).
This has been a long-awaited feature for as long as OWA has been in use. For users who primarily use OWA for email access or who are primarily remote access users, administrators have always struggled with resetting a user's password in a way that forces the user to change it at first logon. Users have also struggled with remembering to reset their passwords through OWA before the password expired, since there was no warning integrated with OWA.
The following is the setting within the user account that forces the user to change their password at next logon:
When a user tried to log in to OWA with an expired password, or with an account configured to change its password at next logon, the user would see the following error: “The user name or password you entered isn’t correct. Try entering it again”
The Password Reset Tool feature is not active by default. To activate this feature within Exchange 2010 SP1 (or Exchange 2007 SP3), all that is needed is one registry key:
HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA
Create DWORD: ChangeExpiredPasswordEnabled with value: 1
- On the Client Access Server (CAS), click Start > Run, type regedit.exe and click OK.
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
- Right click the MSExchange OWA key and click New > DWord (32-bit).
- The DWORD value name is ChangeExpiredPasswordEnabled and set the value to 1.
  Note: The values accepted are 1 (or any non-zero value) for "Enabled" or 0 or blank / not present for "Disabled".
- After you configure this DWORD value, you must reset IIS. The recommended method to reset IIS is to use IISReset /noforce from a command prompt.
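
The same steps scripted in PowerShell, as an added example that is not part of the original post. It assumes an elevated PowerShell session run locally on the CAS, and it only writes the value and runs iisreset /noforce when the value is not already 1.

```powershell
# Added example: idempotent version of the manual regedit steps above.
# Supports -WhatIf so the change can be previewed before it is made.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$valueName = 'ChangeExpiredPasswordEnabled'
$wanted    = 1

# Writing under HKLM and restarting IIS both need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# The manual steps assume the key already exists, so stop instead of
# creating it on a server that does not host OWA.
if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key '$keyPath' not found. Is this a Client Access Server?"
}

# Read the current value; $null means the value is not present (disabled).
$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($current -eq $wanted) {
    Write-Output "$valueName is already $wanted; no change and no IIS reset needed."
    return
}

if ($PSCmdlet.ShouldProcess($keyPath, "Set $valueName = $wanted and run iisreset /noforce")) {
    # -Force overwrites an existing value (for example 0) with a DWORD of 1.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
        -Value $wanted -Force | Out-Null

    # The new value only takes effect after IIS is reset.
    & iisreset.exe /noforce
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "iisreset /noforce exited with code $LASTEXITCODE; check IIS before retrying."
    }

    # Read the value back so the result is visible in the session or a log.
    $after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
    Write-Output "$valueName is now $after on $env:COMPUTERNAME."
}
```
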
Important: When changing passwords, users can't use a UPN (for example, johndoe@contoso.com) in the Domain\user name field in the Change Password window shown below.
After creating the registry entry, an IISReset must be performed. Now, under the same scenario, if a user is configured to change their password at next logon or if their password has expired, the user will see the new message: “Your password has expired and you need to change it before you sign in to Outlook Web App.”
Now the user can change their password before logging into OWA:
But that is not all… If a user’s password is set to expire within 14 days, the user will see a warning while logged into OWA and will have the option to reset their password:
I think we can all agree that this is a much anticipated feature that has been missing since the inception of OWA!