We have accounts whith only OWA access, because they are generic accounts and we do not want the accounts to be used as machine logins. We have a password policy that users must change their passwords every 6 months.
The problem we are having is that since the accounts are not loging into the machines, when the password policy kicks in it is preventing users with OWA only access from changing their password. Also, when we select "User must change the password at next logon" it also causes the same issue.
We have two exchange servers the main one and a front end one. what we have been doing with these generic account is in properties, under the "account" tab we restricted "log on to" to the front end server.
Just to clarify, when we have no restrictions, users can change their passwords via the web without any issues. It is only when we force them to only login via OWA that they cant change passwords.
I tried adding our domain controler and main exchange server to the "This user can log on to The following computers" in the account tab, but still it is not allowing them to change passwords.
Currently I have to manually reset the passwords for OWA only accounts. Is there anyway to allow OWA acconts to change passwords?
EDIT: Users restricted to only OWA can change their password via the web browser without any issues when there are no restrictions. In other words normally they can just log into outlook via the web and change their password, but when the password policy expires or we force them to change their password at next login, they are unable to.
Best Answer
This is the link that Werewolf was talking about.
http://support.microsoft.com/?kbid=833734
It looks like the dll was included in Server 03 SP1, but you have to manually register the dll and make some other changes. You might want to look into that.