?
Solved

AD User Accounts, Passwords, OA/OWA and SharePoint

Posted on 2011-03-15
5
Medium Priority
?
247 Views
Last Modified: 2012-05-11
We're beginning to plan enforced, periodic password changes via Group Policies on a 2003 Domain, for example, change ever 90 days, enforce strong passwords, etc.  I noticed the Policy is located in the Computer group -- not the User group.

We have local users in the office as well as a number of remote users who use Outlook Anywhere (with Outlook), Outlook Web Access (via Browser) and SharePoint while some have Computers listed in AD and others have their own laptop that are not apart of the domain.  They do not VPN into our network.

When it gets close to 90 days, I know local users will be prompted via Windows login to change their passwords and even get advanced warnings.  Will the same happen for OA/OWA and SharePoint users using Outlook and/or Internet Explorer -- on Workgroup and Domain Computers?  SharePoint is configured to use their AD accounts for authentication.
0
Comment
Question by:Wade_Chestnut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35139910
What versions of Exchange and SharePoint are you using?
0
 

Author Comment

by:Wade_Chestnut
ID: 35140233
Exchange 2003 and SharePoint 2010
0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 2000 total points
ID: 35140307
OWA 2003 will tell you the password is expired and give IIS option to change it then or earlier (through options).  It does not do advanced notification on its own.

I have been unable to find any evidence that SharePoint has this functionality natively, but it can be programmed in via a .NET page on your Site.
0
 

Author Comment

by:Wade_Chestnut
ID: 35142634
Well, since Password Policies are in the Computer side of the Group Policies, how can a remote user who has their own laptop in Workgroup mode be forced to change their password?  The Computer policy would not be pushed down to their laptop, right?
0
 
LVL 31

Assisted Solution

by:Justin Owens
Justin Owens earned 2000 total points
ID: 35147668
The reason it is a computer setting is because it is applied on the Domain Controller computer.  Because it is applied to THAT computer, all users on that computer (hence all AD users) are affected.  I know it seems like reverse logic in comparison to how most GPO works, but in this case, that is just how MS does it.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question