Solved

AD User Accounts, Passwords, OA/OWA and SharePoint

Posted on 2011-03-15
5
225 Views
Last Modified: 2012-05-11
We're beginning to plan enforced, periodic password changes via Group Policies on a 2003 Domain, for example, change ever 90 days, enforce strong passwords, etc.  I noticed the Policy is located in the Computer group -- not the User group.

We have local users in the office as well as a number of remote users who use Outlook Anywhere (with Outlook), Outlook Web Access (via Browser) and SharePoint while some have Computers listed in AD and others have their own laptop that are not apart of the domain.  They do not VPN into our network.

When it gets close to 90 days, I know local users will be prompted via Windows login to change their passwords and even get advanced warnings.  Will the same happen for OA/OWA and SharePoint users using Outlook and/or Internet Explorer -- on Workgroup and Domain Computers?  SharePoint is configured to use their AD accounts for authentication.
0
Comment
Question by:Wade_Chestnut
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:DrUltima
Comment Utility
What versions of Exchange and SharePoint are you using?
0
 

Author Comment

by:Wade_Chestnut
Comment Utility
Exchange 2003 and SharePoint 2010
0
 
LVL 31

Accepted Solution

by:
DrUltima earned 500 total points
Comment Utility
OWA 2003 will tell you the password is expired and give IIS option to change it then or earlier (through options).  It does not do advanced notification on its own.

I have been unable to find any evidence that SharePoint has this functionality natively, but it can be programmed in via a .NET page on your Site.
0
 

Author Comment

by:Wade_Chestnut
Comment Utility
Well, since Password Policies are in the Computer side of the Group Policies, how can a remote user who has their own laptop in Workgroup mode be forced to change their password?  The Computer policy would not be pushed down to their laptop, right?
0
 
LVL 31

Assisted Solution

by:DrUltima
DrUltima earned 500 total points
Comment Utility
The reason it is a computer setting is because it is applied on the Domain Controller computer.  Because it is applied to THAT computer, all users on that computer (hence all AD users) are affected.  I know it seems like reverse logic in comparison to how most GPO works, but in this case, that is just how MS does it.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now