Exchange Server 2007 SP3 and Exchange 2010 SP1, running on Windows Server 2008 or Windows Server 2008 R2 have a new feature that allow users with expired passwords to change their password. This also works for users with User must change password at next logon specified on their AD account. Here's how you do it:
- On Client Access Server (CAS), click Start, click Run and type regedit.exe and click OK.
Note: If you're using CAS Array, you must perform these steps on each CAS in the array.
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
- Right click MSExchange OWA key and click New then click DWord (32-bit).
- DWORD value name is ChangeExpiredPasswordEnabled and set value to 1.
Note: values accepted are 1 (or any value not zero) for "Enabled" or 0 or blank / not present for "Disabled"
- After you configure this DWORD value, you must reset IIS - recommended method is to use IISReset /noforce from a command prompt.
Important: When you attempt to change password, currently you cannot use UPN (firstname.lastname@example.org) in Domain\user name (contoso\johndoe) field in 'Change Password' window shown below: