XADM: Notifying Exchange and Outlook Clients of Password Expiration (221977)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange Server 4.0
  • Microsoft Exchange Server 5.0
  • Microsoft Exchange Server 5.5
  • Microsoft Exchange Macintosh client 4.0
  • Microsoft Exchange Macintosh client 5.0
  • Microsoft Exchange Client 4.0
  • Microsoft Exchange Client 5.0
  • Microsoft Outlook 2002
  • Microsoft Outlook 2000
  • Microsoft Outlook for Macintosh, Exchange Server Edition 8.0
  • Microsoft Outlook for Macintosh, Exchange Server Edition 8.1
  • Microsoft Outlook, Exchange Server Edition, when used with:
    • Microsoft Windows 3.1
    • Microsoft Windows 3.11
This article was previously published under Q221977

SUMMARY

Microsoft Exchange Server security is integrated with the Windows NT and Windows 2000 user accounts database. The Windows NT and Windows 2000 domain controllers do not generate password expiration warnings for certain Exchange and Outlook clients. This is the case, for example, with Macintosh-based clients or Microsoft Windows 3.x clients that use the NetWare Netx redirector. Moreover, Microsoft clients Windows XP, Windows 2000, and Windows NT that are running Outlook and are not part of a Windows Domain will not receive the password expiration notification due to not logging on to a domain. This causes administrators and Help Desk personnel to spend time resetting passwords. An application called the Password Expiration Warning Application (PEWA) exists that allows administrators to send password expiration notices to those clients.

MORE INFORMATION

PEWA was created for systems in which Microsoft Exchange Server supports clients running on different platforms. The application sends an e-mail message to each Microsoft Exchange client in the system when the Microsoft Windows NT account password associated with its mailbox is about to expire, regardless of the platform on which the client is running. The message text can be modified.

A small side effect of using PEWA, however, is that clients running on a Windows NT platform receive two expiration notices (one from Windows NT and one from PEWA) because PEWA cannot distinguish between clients.

PEWA cannot be used in a non-Microsoft Exchange environment. The messaging server must have Microsoft Exchange Server version 4.x or version 5.x installed on it.

PEWA enumerates the accounts with expiring passwords in the domain and determines the security identifier (SID) for each of the accounts. The application then queries the Global Address List (GAL) for matches to the SIDs. If matches are found, PEWA then derives the e-mail names of these accounts and sends a message to the respective users notifying them that the passwords for their mailbox accounts are about to expire. PEWA sends each user an individual message to avoid replies to everyone.

PEWA version 2.0 is included in the Microsoft Back Office Resource Kit or the Exchange 2000 Resource Kit.

PEWA has been successfully tested on Windows 2000 and Exchange 2000.
Modification Type:MinorLast Reviewed:8/18/2005
Keywords:kbinfo KB221977
©2004 Microsoft Corporation. All rights reserved.