Hello,

I am trying to rollout password expirations to a subset of users, but I want them to be able to change their expired passwords in OWA. The thing that is throwing me off is we are trying to prevent them from logging in any domain computers interactively (via the Log On To settings in AD). If I enable the registry setting to enable the changing of expired passwords, will I need to add every domain controller to the allowed log on list or would it just be the domain controllers listed in "Domain Controllers used by Exchange" in the EMC (in the same site)? Or would i need to add all domain controllers throughout the domain?

Thanks

I think you need to add your Client Access / Exchange Servers names in Log On To field...

Hi,

Based on my knowledge,you need not to add all domain controllers ,you only need to add the domain controllers listed in "Domain Controllers used by Exchange.

The Password Reset Tool feature is not active by default. To activate this feature , you should make some changes in the below registry key:

HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create DWORD: ChangeExpiredPasswordEnabled with value: 1

Regards,

David

• Edited by David Wang_Microsoft contingent staff 5 hours 59 minutes ago