If you use Exchange with OWA, there is a registry tweak that you can use to enable a function that allows Active Directory users to change their password after it has expired.
Perform the following on the Exchange 2010 Client Access server:
- Run Regedit
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
- Create a new DWORD value (if it doesn’t exist), called: ChangeExpiredPasswordEnabled
- Set the value of ChangeExpiredPasswordEnabled to 1
- Restart the IIS Services