Friday, November 11, 2011

Office 365 password change for webmail-only remote users

Recently a question came across my mind about password change for remote users if they only use OWA.
They might work from home on a personal computer. A password change is then not enforced, and a password change via CTRL-ALT-DEL will not change the AD password.

In a setup with federated identities those users will still see a URL for password change in OWA, but they can't access it. And of course they do not have a password on O365 at all (maybe a very long random password, as we know it from smart-card-only users). So my idea was to search for an option to define an alternative URL, but no luck. MS Online confirmed that there is no option today to define such a URL.
Okay, so what. Let's go and grab IISADMPWD from Windows 2003 IIS and tell the users the new URL to change their password. I would like to have them change their password every 43 days (or whatever). IISADMPWD still works, even with IIS 7, although it is not supported anymore. But I found one catch. If you are using an ADFS proxy server, which is usually not a domain member and sits highly protected in a DMZ, then IISADMPWD cannot be used there to change AD passwords.
So maybe I can extend IISADMPWD with a web service running on the ADFS server. Let's see if I get this done before the end of this year.
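Until such a password-change page exists, the remaining problem from above is that nothing tells an OWA-only user that the AD password has gone stale. The following PowerShell script is an added example, not code from the original post or from IISADMPWD: it reads the maximum password age from the default domain policy (falling back to the 43 days mentioned above), computes the expiry for every member of a hypothetical group "OWA-Only-Users", and lists the enabled accounts whose password is overdue, so an admin can send them to the change page or set "must change password at next logon". It assumes the ActiveDirectory PowerShell module on a domain-joined admin host; the group name is an assumption and must be adjusted.

```powershell
# Added example (not from the original post): report OWA-only federated users
# whose AD password is older than the domain's maximum password age.
# Assumptions: ActiveDirectory module available; OWA-only users are collected
# in a hypothetical AD group named "OWA-Only-Users".
Import-Module ActiveDirectory

$groupName = 'OWA-Only-Users'   # hypothetical group name, adjust to your environment

# Maximum password age from the default domain policy; if the domain has no
# maximum configured, use the 43 days mentioned in the post as the threshold.
$policy = Get-ADDefaultDomainPasswordPolicy
if ($policy.MaxPasswordAge -and $policy.MaxPasswordAge.TotalDays -gt 0) {
    $maxAge = $policy.MaxPasswordAge
} else {
    $maxAge = New-TimeSpan -Days 43
}

$now = Get-Date

$report = Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires, Enabled |
    ForEach-Object {
        # PasswordLastSet is $null when "must change password at next logon" is set;
        # such accounts are already forced to change and are reported with no date.
        $lastSet = $_.PasswordLastSet
        $expires = $null
        $daysOverdue = $null
        if ($lastSet -and -not $_.PasswordNeverExpires) {
            $expires = $lastSet + $maxAge
            $daysOverdue = [math]::Floor(($now - $expires).TotalDays)
        }
        New-Object PSObject -Property @{
            SamAccountName       = $_.SamAccountName
            Enabled              = $_.Enabled
            PasswordNeverExpires = $_.PasswordNeverExpires
            PasswordLastSet      = $lastSet
            PasswordExpires      = $expires
            DaysOverdue          = $daysOverdue
        }
    }

# Enabled accounts past the maximum age: candidates for a reminder to use the
# password-change page, or for forcing a change at next interactive logon.
$report |
    Where-Object { $_.Enabled -and $_.DaysOverdue -ne $null -and $_.DaysOverdue -gt 0 } |
    Sort-Object DaysOverdue -Descending |
    Format-Table SamAccountName, PasswordLastSet, PasswordExpires, DaysOverdue -AutoSize
```

Two caveats: the script uses only the default domain policy, so users covered by a fine-grained password policy (PSO) need their own threshold (Get-ADUserResultantPasswordPolicy returns it per user), and accounts flagged PasswordNeverExpires are deliberately left out of the overdue list rather than silently treated as compliant.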
