We have to set a GPO to change passwords every 90 days along with complexity requirements and other settings. We have uses who work at remote sites and they only use the Exchange 2003 server to check mail, either through the Web Access or with Outlook, mostly Outlook 2003 or newer. When the 90 days is up, how do they change their password? We have mostly Server 2003 and our Exchange server is 2003 on a 2003 server and the remote users are mostly WinXP with a few Win 7. These users don't use VPN or Remote desktop. Is there a way to take them out of the domain so the rules don't apply to them but still allow them mailboxes and be in distribution groups on our domain? Is there a way to remotely reset a password?

We have to set a GPO to change passwords every 90 days along with complexity requirements and other settings. We have uses who work at remote sites and they only use the Exchange 2003 server to check mail, either through the Web Access or with Outlook, mostly Outlook 2003 or newer. When the 90 days is up, how do they change their password? When a user try to change his password, the Domain Controller holding the FSMO role will allow him to do a such task. So, the Domain Controller holding the PDC Emulator role should be accessible by these users so that they will be able to change their password. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

We have mostly Server 2003 and our Exchange server is 2003 on a 2003 server and the remote users are mostly WinXP with a few Win 7. These users don't use VPN or Remote desktop. Is there a way to take them out of the domain so the rules don't apply to them but still allow them mailboxes and be in distribution groups on our domain? To be member of a group in a domain, you should be member of that domain. So, there is nothing to do on the users' accounts. For the roles, you have not specified which roles you don't want to apply but if you don't that they will be applied, you should see how you are applying the roles (Don't apply them on these users) This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Is there a way to remotely reset a password? Your question is not enough clear. This is a Microsoft article about how to "Reset a user password" in Active Directory: http://technet.microsoft.com/en-us/library/cc782255%28WS.10%29.aspx This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

First of all, the reason I didn't create an OU is that after trying for weeks I've learned that these security settings can only be set at the domain level. You can't set different password rules at the OU level or child OU level. See my thread in GPO section which clearly answers that. Secondly, they can't log into the FSMO, or any server. They are remote users. They work hundreds of miles from the offices housing the server. No VPNs or Remote desktops. Just their Outlook authenticates when it checks mail. Yes, I could spend a week resetting everyone's password, but is there a way for them to do it from their remote locations? I'm not sure how to make it any more clear. They don't log into the network, so how can they change their passwords? After 90 days their Outlook just gives an error that they can't recieve mail (because their password has expired) so how do they proceed from there?

On Sat, 4 Sep 2010 19:59:41 +0000, NICAO2 wrote: We have to set a GPO to change passwords every 90 days along with complexity requirements and other settings.? We have uses who work at remote sites and they only use the Exchange 2003 server to check mail, either through the Web Access or with Outlook, mostly Outlook 2003 or newer.? When the 90 days is up, how do they change their password?? We have mostly Server 2003 and our Exchange server is 2003 on a 2003 server and the remote users are mostly WinXP with a few Win 7.? These users don't use VPN or Remote desktop.? Is there a way to take them out of the domain so the rules don't apply to them but still?allow them?mailboxes and be in distribution groups on our domain?? Is there a way to remotely reset a password? Sounds like your only real solution is to identify these users and then mark the properties of their accounts as Password never expires. This account setting will override the password policy setting in the GPO. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca

First of all, the reason I didn't create an OU is that after trying for weeks I've learned that these security settings can only be set at the domain level. You can't set different password rules at the OU level or child OU level. See my thread in GPO section which clearly answers that. Secondly, they can't log into the FSMO, or any server. They are remote users. They work hundreds of miles from the offices housing the server. No VPNs or Remote desktops. Just their Outlook authenticates when it checks mail. Yes, I could spend a week resetting everyone's password, but is there a way for them to do it from their remote locations? I'm not sure how to make it any more clear. They don't log into the network, so how can they change their passwords? After 90 days their Outlook just gives an error that they can't recieve mail (because their password has expired) so how do they proceed from there? First of all, for multiple password policies, by using AD 2008, this can also be solved with the new Fine grained password policies. So, if you migrate to windows 2008 you can set multiple ones. In your case, you are using AD 2003. The only one way you can proceed to create multiple password policies is to create child domains (You can apply a policy strategy on each domain). Secondly, if there is no way to access the DC holding the PDC Emulator FSMO role, you users will not be able to reset their passwords. You only have two solutions for your problem: Configure a VPN server so that these users will be able to access the DC holding the PDC Emulator FSMO role and reset their password via a VPN connection Enable Password never expire option (In the properties of the user account) This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, Remote users could change their password via Outlook Web Access. Please refer to the following article to configure your Exchange server. Implementing the Change Password feature with Outlook Web Access http://support.microsoft.com/kb/297121 Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.