Password expiry and Outlook Anywhere password prompt

  • Question

  • Hi all

    I have some work to do on mailbox password expiry and how it links in with my non-Active Directory "central authentication system". I intend to set an Active Directory password expiry policy (say 30 days, for instance), but there are some concerns I have.

    1) All my 1000s of mailbox users access their mailbox using Outlook Anywhere... there are ZERO direct MAPI connections. Does anyone have experience of "suppressing" the Outlook "Change Password" form?

    a) I am pretty sure this cannot realistically be done as it's an Outlook client form, so my intended approach was just to somehow prevent the Outlook "Change password" reset process from being successful, i.e. even if you enter username, password, domain etc. at the "Change password" form, it won't be successful... SO you would HAVE to reset the password centrally.

    I did read "somewhere" that you CANNOT reset a password via "Change Password" when using HTTP\RPC (Outlook Anywhere). Can anyone validate that for me via a TechNet article or something? If this IS true, then that's my answer...

    The worry I am having is that if users' passwords expire, and they DON'T use our central (NON-Active Directory) authentication system to reset their password, they will try to do so via the Outlook "Change password" tool, which I DO NOT want because this does not replicate back to the "Central authentication system"...

     

    Monday, July 18, 2011 11:00 AM

All replies

  • Users do not have access to change their password via Outlook when connected via RPC over HTTPS. I don't have a TechNet handy but it's a pretty well known "feature". You also need to make sure the change password feature is disabled in OWA for the users and then they will be forced to call the help desk or use your central system. http://technet.microsoft.com/en-us/library/bb684904.aspx

     


    DJ Grijalva | MCITP: EMA 2007/2010 | www.persistentcerebro.com
    Monday, July 18, 2011 2:15 PM
  • Hi,

    Are you using Exchange 2010? If yes, then here is what you were looking for.
    http://technet.microsoft.com/en-us/library/bb123962.aspx

    Post the update. 


    Gulab | MCITP: Exchange 2010-2007 | Skype: Gulab.Mallah | Blog: www.ExchangeRanger.Blogspot.com
    Monday, July 18, 2011 2:17 PM
  • Hi DJ\Gulab

    Yes, OWA Change password is indeed disabled.

    However, when someone is logged into Outlook via RPC/HTTPS, and during that session their password expires, it appears to me that they DO actually receive the "Change password" form. It doesn't look like they can actually change the password, but it does seem as if they get the form.

    Does that match your understanding of it?

    In addition, if I browse to "Tools\Options\Other\Advanced Options\Custom Forms\Password", I can see the structure of the "Change Windows Password" form... it has the following 5 fields:

    Username, Domain, Old password, New password, Confirm New password.

    Interestingly, when the user's password expires during their Outlook RPC/HTTPS session, they also get prompted to change password, but the "Microsoft Office Outlook" form which appears INCLUDES a field called "Microsoft Exchange"...

    Can anyone explain the reason for that?

    Cheers all,

    Tom

    Monday, July 18, 2011 2:44 PM