Blog Post

Exchange Team Blog
2 MIN READ

What you need to know about the OWA Change Password feature of Exchange Server 2007

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Dec 10, 2008

Update:  We have new features available for password funcationality.  See the new post, So you want to change your expired passwords in OWA...

Recently, we've seen calls on OWA Change Password functionality and questions about the features with Windows Server 2008.  The following is a quick synopsis of what you need to know to get this working the way you need it to.

Previous versions of Exchange Server utilized the Change Password functionality for IIS 5 and 6 using the IISADMPWD virtual directory and a .DLL file on the server.  These configurations were discussed in the following KB articles:

FIX: You experience various problems when you use the Password Change pages in IIS 5.0
http://support.microsoft.com/?kbid=831047

FIX: You experience various problems when you use the Password Change pages in IIS 6.0
http://support.microsoft.com/?kbid=833734

Implementing the Change Password feature with Outlook Web Access
http://support.microsoft.com/?kbid=297121

This method is no longer required with Exchange Server 2007.  However, it can be used with Windows Server 2003 and Exchange Server 2007 configurations when the ability to change passwords after they have expired or when users are required to change their password at the first logon is needed.  An Exchange Server 2007 Help topic discusses the uses and configuration of Change Password functionality:

Configuring the Change Password Feature in Outlook Web Access
http://technet.microsoft.com/en-us/library/bb684904.aspx

Please note that the IISADMPWD functionality is not included with IIS 7.0 on Windows Server 2008.  Some workarounds have been posted on the web that show a method to implement the same behavior for IIS 7.0.  However, these workarounds are not supported or recommended by Microsoft and we have observed that the solution does not always work as expected with Exchange Server 2007.  Specifically, changing passwords for users whose passwords have expired is unreliable. 

If you require the ability to change passwords after they have expired or when the user must change the password at first logon, and your Client Access Servers run Windows Server 2008 and Exchange Server 2007 SP1, you can use ISA Server 2006 to implement the feature.  See the following:

Configuring and Troubleshooting the Password Change Feature in ISA Server 2006
http://technet.microsoft.com/en-us/library/cc514301.aspx

Also, see the following:

https://blogs.technet.com/isablog/archive/2007/08/23/password-change-with-fba.aspx

- Will Duff

Updated Jul 01, 2019
Version 2.0
client access
Exchange 2007
OWA
security

14 Comments

Show More
  • Anonymous's avatar
    Anonymous
    Dec 11, 2008

    Hah.  Why does it not surprise me that to fix this issue, Microsoft's only supported solution is to throw a different Microsoft product at it, all together.  Most of my clients are internal (and use OWA rather than Outlook).  And I really don't want to purchase ISA just to allow password changes.  Back to the drawing board please.
  • Anonymous's avatar
    Anonymous
    Dec 10, 2008
    Yeah, is there a way to do this without ISA 2006 in place?
  • Anonymous's avatar
    Anonymous
    Dec 10, 2008
    We don't have ISA Server in our organization.
    Is there is any other way to implement this feature in OWA without ISA Server, if CAS running on Windows Server 2008?
  • Anonymous's avatar
    Anonymous
    Dec 10, 2008
    What should we do for internal non-AD OWA only clients if you use split DNS and the internal OWA URL points to the CAS farm IP and does not go through ISA?