One-time password change for all users?

I'd like to enforce a one-time password changes for all users in AD.  The problem is, we have some users that work once a month and only use OWA.  So, if I set passwords to expire in 30 days, then some users may have to change their password twice.  If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.

Does anyone have a strategy they can suggest?
sbumpasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
If I understand your question correctly, you should be about to right click all of your users in an OU - select properties and then account. Then check user must change password at next logon.

I would test this on a small set of users first.
0
pjamCommented:
What jmoody says is what we do when we migrate a site from one domain to a another
0
sbumpasAuthor Commented:
The problem with that strategy is OWA users are locked out until their passwords are changed via AD login.  Some users rely exclusively on OWA, so we would get dozens of calls to unlock accounts.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

BillBondoCommented:
perhaps make the owa people a separate group with longer password changes
0
sbumpasAuthor Commented:
Well this would be a one-time change, so I'm not sure how a longer interval would help?
0
Columbia EnergyEngineers of All TypesCommented:
There's no clean way to do what you ask.  Exclude the OWA users from the forced password change.  If this is OWA 2007 or later, email those users and instruct them to change their passwords and provide instructions on how to do so (via OWA).

It's not perfect, but it should reduce the headaches.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.