Solved

AD User Accounts, Passwords, OA/OWA and SharePoint

Posted on 2011-03-15
5
232 Views
Last Modified: 2012-05-11
We're beginning to plan enforced, periodic password changes via Group Policies on a 2003 Domain, for example, change ever 90 days, enforce strong passwords, etc.  I noticed the Policy is located in the Computer group -- not the User group.

We have local users in the office as well as a number of remote users who use Outlook Anywhere (with Outlook), Outlook Web Access (via Browser) and SharePoint while some have Computers listed in AD and others have their own laptop that are not apart of the domain.  They do not VPN into our network.

When it gets close to 90 days, I know local users will be prompted via Windows login to change their passwords and even get advanced warnings.  Will the same happen for OA/OWA and SharePoint users using Outlook and/or Internet Explorer -- on Workgroup and Domain Computers?  SharePoint is configured to use their AD accounts for authentication.
0
Comment
Question by:Wade_Chestnut
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35139910
What versions of Exchange and SharePoint are you using?
0
 

Author Comment

by:Wade_Chestnut
ID: 35140233
Exchange 2003 and SharePoint 2010
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 500 total points
ID: 35140307
OWA 2003 will tell you the password is expired and give IIS option to change it then or earlier (through options).  It does not do advanced notification on its own.

I have been unable to find any evidence that SharePoint has this functionality natively, but it can be programmed in via a .NET page on your Site.
0
 

Author Comment

by:Wade_Chestnut
ID: 35142634
Well, since Password Policies are in the Computer side of the Group Policies, how can a remote user who has their own laptop in Workgroup mode be forced to change their password?  The Computer policy would not be pushed down to their laptop, right?
0
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 500 total points
ID: 35147668
The reason it is a computer setting is because it is applied on the Domain Controller computer.  Because it is applied to THAT computer, all users on that computer (hence all AD users) are affected.  I know it seems like reverse logic in comparison to how most GPO works, but in this case, that is just how MS does it.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question