Microsoft KB Archive/221977

= XADM: Notifying Exchange and Outlook Clients of Password Expiration =

Article ID: 221977

Article Last Modified on 2/20/2007

-

APPLIES TO

 Microsoft Exchange 2000 Server Standard Edition Microsoft Exchange Server 4.0 Standard Edition Microsoft Exchange Server 5.0 Standard Edition Microsoft Exchange Server 5.5 Standard Edition Microsoft Exchange Client 4.0 for Macintosh Microsoft Exchange Client 5.0 for Macintosh Microsoft Exchange Client 5.5 Microsoft Exchange Client 5.0</li> Microsoft Outlook 2002 Standard Edition</li> Microsoft Outlook 2000 Standard Edition</li> Microsoft Outlook 8.0 Exchange Server Edition for Macintosh</li> Microsoft Outlook 8.1 Exchange Server Edition for Macintosh</li> Microsoft Outlook, Exchange Server Edition, when used with: <ul> Microsoft Windows 3.1 Standard Edition</li></ul>

<ul> Microsoft Windows 3.11 Standard Edition</li></ul> </li></ul>

-

<div class="notice_section">

This article was previously published under Q221977

<div class="summary_section">

SUMMARY
Microsoft Exchange Server security is integrated with the Windows NT and Windows 2000 user accounts database. The Windows NT and Windows 2000 domain controllers do not generate password expiration warnings for certain Exchange and Outlook clients. This is the case, for example, with Macintosh-based clients or Microsoft Windows 3.x clients that use the NetWare Netx redirector. Moreover, Microsoft clients Windows XP, Windows 2000, and Windows NT that are running Outlook and are not part of a Windows Domain will not receive the password expiration notification due to not logging on to a domain. This causes administrators and Help Desk personnel to spend time resetting passwords. An application called the Password Expiration Warning Application (PEWA) exists that allows administrators to send password expiration notices to those clients.

<div class="moreinformation_section">

MORE INFORMATION
PEWA was created for systems in which Microsoft Exchange Server supports clients running on different platforms. The application sends an e-mail message to each Microsoft Exchange client in the system when the Microsoft Windows NT account password associated with its mailbox is about to expire, regardless of the platform on which the client is running. The message text can be modified.

A small side effect of using PEWA, however, is that clients running on a Windows NT platform receive two expiration notices (one from Windows NT and one from PEWA) because PEWA cannot distinguish between clients.

PEWA cannot be used in a non-Microsoft Exchange environment. The messaging server must have Microsoft Exchange Server version 4.x or version 5.x installed on it.

PEWA enumerates the accounts with expiring passwords in the domain and determines the security identifier (SID) for each of the accounts. The application then queries the Global Address List (GAL) for matches to the SIDs. If matches are found, PEWA then derives the e-mail names of these accounts and sends a message to the respective users notifying them that the passwords for their mailbox accounts are about to expire. PEWA sends each user an individual message to avoid replies to everyone.

PEWA version 2.0 is included in the Microsoft Back Office Resource Kit or the Exchange 2000 Resource Kit.

PEWA has been successfully tested on Windows 2000 and Exchange 2000.

Additional query words: expire OL20

Keywords: kbinfo KB221977

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.