Exchange 2007 SP3 / Exchange 2010 SP1 Password Reset (Expired passwords or Change at First logon)

In Exchange 2007, Microsoft Office Outlook Web Access (OWA) includes a feature that lets users change their passwords. However, this feature requires that users log on to OWA to change their passwords. If a user's password has expired, or if users have to change their passwords when they first log on, they cannot log on to OWA to reach the password change feature. Exchange 2007 SP3 adds a new feature to the Client Access server (CAS) role. This feature creates a new Internet Information Services (IIS) 7 module that detects expired passwords and redirects users to a new change password page. By default, this feature is disabled. To enable the password reset feature, you must set a registry value.

To enable the password reset feature

1. Log on to the Exchange server that is running the CAS role by using an account that has local administrator rights.

2. Start Registry Editor, and then locate the following registry subkey:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

3. Create the following DWORD value if it does not already exist:

Value name: ChangeExpiredPasswordEnabled
Value type: REG_DWORD
Value data: 1

4. Exit Registry Editor.

5. Perform IISReset.

The password reset functionality is enabled when ChangeExpiredPasswordEnabled is set to a nonzero value. If this registry value is missing or is set to zero (0), the password reset functionality is disabled.
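The steps above as a script, useful for checking or applying the setting consistently across several CAS servers. This is an added example, not part of the original article; the `-Enable` switch and the function name are hypothetical, and it assumes an elevated PowerShell session on the CAS server itself.

```powershell
# Added example: report, and optionally enable, ChangeExpiredPasswordEnabled.
# Without -Enable the script only reports the current state and changes nothing.
param(
    [switch]$Enable   # hypothetical switch name, chosen for this example
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$valueName = 'ChangeExpiredPasswordEnabled'

function Get-ExpiredPasswordChangeState {
    # 'Enabled' for any nonzero value, 'Disabled' when the value is zero or missing,
    # 'KeyMissing' when the MSExchange OWA subkey itself is not present.
    if (-not (Test-Path -Path $keyPath)) { return 'KeyMissing' }
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item -or $item.$valueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$state = Get-ExpiredPasswordChangeState
Write-Output "Current state: $state"

if ($Enable -and $state -ne 'Enabled') {
    if ($state -eq 'KeyMissing') {
        # Do not create the subkey: its absence means this is not the expected server.
        throw "Registry key '$keyPath' was not found on this server."
    }

    # -Force creates the value if it is missing and overwrites an existing 0.
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "Set $valueName = 1; restarting IIS so the change takes effect."

    & iisreset.exe
    if ($LASTEXITCODE -ne 0) { throw "iisreset exited with code $LASTEXITCODE" }

    Write-Output "New state: $(Get-ExpiredPasswordChangeState)"
}
```

iisreset restarts every IIS site on the server and drops active OWA sessions, so apply the change in a maintenance window.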

Exchange 2010 SP1: Now that SP1 has reached RTM, it brings this feature to Exchange 2010. The password reset feature is not active by default. To activate it in Exchange 2010 SP1, you will need to add the registry value described above.