I'd like to enforce a one-time password changes for all users in AD. The problem is, we have some users that work once a month and only use OWA. So, if I set passwords to expire in 30 days, then some users may have to change their password twice. If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.
Does anyone have a strategy they can suggest?