Why am I getting a password expiration notice in OWA when the AD password is not due to expire for another 100 days or so?
Posted on 2015-01-07
We recently implemented Fine Grain Password Policies so that we could have different policies for different users. We created two security groups - one for accounts that should have the policy and one for accounts that shouldn't have the policy. Passwords expire in 120 days. I have confirmed that security settings in the default domain policy are not defined. (They are not defined in any other policy either but it is my understanding that the default domain policy takes precedence over all other policies which is why we needed to use FGPP.)
Approximately half of our users access their e-mail through Outlook Web Access. Some of these users are starting to see a notice in OWA that says their password is going to expire in 1 or 10 or 14 days but their network password is not set to expire for at least another 100 days. Why are they seeing this prompt?
In Exchange (2010) OWA is configured for integrated windows authentication using forms-based authentication with user name only. IIS has only Anonymous Authentication enabled which may be part of the problem but I want to be sure.
Any and all help appreciated!
Mary Pat Conroy
Information Systems Manager