One of the new features in Exchange 2007 Service Pack 3 is the ability for users to change their password before logging in. Before service pack 3 a user who’s password had expired needed to call the helpdesk to reset their password or use another solution. With this new feature a user will be redirected to another page where he/she can change the password.

But how does this work? In the OWA directory, which you can find here: Exchange\ClientAccess\OWA, you will find a directory called auth. This directory contains several files which are used for login and logout. But besides these files there are two new files expiredpassword.aspx and exppw.dll.

Before you can use the new functionality you will need to make an adjustment in the registry of the CAS server. Go to the following location in the registry:

HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Create a new DWORD called ChangeExpiredPasswordEnabled and change the value of the key to 1. This should look the same like below:

During the logon (logon.aspx) a check is done if the password is expired and if this is the case the user will be redirected to expiredpassword.aspx.

Before the user can change his/her password he will first needs to specify the old password. Once the password has change the user will be redirected to his/her mailbox.


Johan Veldhuis