Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

XADM: Notifying Exchange and Outlook Clients of Password Expiration

View products that this article applies to.

This article was previously published under Q221977

↑ Back to the top


Microsoft Exchange Server security is integrated with the Windows NT and Windows 2000 user accounts database. The Windows NT and Windows 2000 domain controllers do not generate password expiration warnings for certain Exchange and Outlook clients. This is the case, for example, with Macintosh-based clients or Microsoft Windows 3.x clients that use the NetWare Netx redirector. Moreover, Microsoft clients Windows XP, Windows 2000, and Windows NT that are running Outlook and are not part of a Windows Domain will not receive the password expiration notification due to not logging on to a domain. This causes administrators and Help Desk personnel to spend time resetting passwords. An application called the Password Expiration Warning Application (PEWA) exists that allows administrators to send password expiration notices to those clients.

↑ Back to the top

More information

PEWA was created for systems in which Microsoft Exchange Server supports clients running on different platforms. The application sends an e-mail message to each Microsoft Exchange client in the system when the Microsoft Windows NT account password associated with its mailbox is about to expire, regardless of the platform on which the client is running. The message text can be modified.

A small side effect of using PEWA, however, is that clients running on a Windows NT platform receive two expiration notices (one from Windows NT and one from PEWA) because PEWA cannot distinguish between clients.

PEWA cannot be used in a non-Microsoft Exchange environment. The messaging server must have Microsoft Exchange Server version 4.x or version 5.x installed on it.

PEWA enumerates the accounts with expiring passwords in the domain and determines the security identifier (SID) for each of the accounts. The application then queries the Global Address List (GAL) for matches to the SIDs. If matches are found, PEWA then derives the e-mail names of these accounts and sends a message to the respective users notifying them that the passwords for their mailbox accounts are about to expire. PEWA sends each user an individual message to avoid replies to everyone.

PEWA version 2.0 is included in the Microsoft Back Office Resource Kit or the Exchange 2000 Resource Kit.

PEWA has been successfully tested on Windows 2000 and Exchange 2000.

↑ Back to the top

Keywords: kbinfo, KB221977

↑ Back to the top

Article Info
Article ID : 221977
Revision : 8
Created on : 2/20/2007
Published on : 2/20/2007
Exists online : False
Views : 486