Last post Mar 05, 2009 01:36 AM by fjdreyer
Feb 12, 2009 05:27 PM|fordc03|LINK
Okay, so I can create users, if I do not check off the "administrator" option in the SampleProvisioningUI, they cannot change their password when they log on via the OWA site or through the ProvisioningUI.
What gives? Did I not set something up right?
If I go into Active Directory and modify the security for the "SELF" role to full permission, the user can now change their password. But, there must be a reason why the SELF is only given read-only rights...I'm assuming there's a reason.
Anyway, I think I must be the only one with this issue because I cannot find anyone else with the same issue posted on the forum...Help!
So what permission is not getting set that allows the user to change their password when they are created?
Feb 17, 2009 12:29 PM|PowerK6|LINK
Did you try to reset password 24 hrs later?
Feb 19, 2009 02:50 PM|amos.max|LINK
Have you checked your PW policy in AD?
You probably have a minimum PW age in there.
Rgds - Marcus.
Mar 05, 2009 12:13 AM|fjdreyer|LINK
You actually MUST have a minimum password age in your active directory policy for users to be allowed to change their password in OWA 2007.
If you do not have a minimum password age setup, OWA will just keep telling your users that their password does not meet the complexity requirements (no matter how complex their password) when they try to change their password.
I have faced this problem with many production exchange deployments and even with our HMC environment when I first set it up.
Mar 05, 2009 01:26 AM|PowerK6|LINK
Yes, by default, the "minimum password age" is 1 day. You should change it to 0
Mar 05, 2009 01:36 AM|fjdreyer|LINK
If you set the minimum password age to 0 then you will face the "Password does not meet complexity requirements" error when changing password from OWA.