The New Exchange 2007 SP3 Password Reset Tool

Monday, June 28, 2010
Exchange Server 2007 Service Pack 3 includes a handy new web page that allows users to change their password before logging into Outlook Web Access (OWA).

Previously, new users who are required to change their password at next logon or users whose password has expired cannot log on to OWA.  They will get the less than helpful error from the OWA, "The user name or password that you entered is not valid. Try entering it again", as shown below:

In order to logon to OWA, the user must logon to the network, enter their old password and the new password.  Obviously, this causes problems for remote users whose password has expired or for new users who must change their password before logging in for the first time.

Exchange 2007 SP3 introduces a new SSL web page for these users that allows the user to change their password outside of OWA.  The page tells the user, "Your password has expired and you must change it prior to signing in to Microsoft Outlook Web Access."

Once the user changes their password, the page redirects the user back to OWA.

This new functionality is not enabled by default, since some organizations do not allow password changes from outside the internal network.  To enable it:
  • Logon to the CAS with administrator rights
  • Run Regedit and navigate to HLKM\SYSTEM\CurrentControlSet\services\MSExchange OWA
  • Create a new DWORD (32-bit) Value called ChangeExpiredPasswordEnabled
  • Assign the ChangeExpiredPasswordEnabled value: 1
  • Restart IIS using IISRESET /NOFORCE from the command line
Word is that Microsoft will implement the password reset tool for Exchange Server 2010 when Exchange 2010 SP1 is released.  It's a pretty handy feature!