If you use Exchange with OWA, there is a registry tweak that you can use to enable a function that allows Active Directory users to change their password after it has expired.

Perform the following on the Exchange 2010 Client Access server:

1. Run Regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
3. Create a new DWORD value (if it doesn’t exist), called: ChangeExpiredPasswordEnabled
4. Set the value of ChangeExpiredPasswordEnabled to 1
5. Restart the IIS Services