Users are not prompted to change password in OWA

If a user logs on to a domain by using a Windows 2000 user account, the user receives the following message (where nn is the number of days until the password expires): However, when the user logs on to Microsoft Outlook Web Access (OWA), the user does not receive a message about changing the password.

This problem occurs because the accounts that are associated with the Exchange mailboxes have been disabled, and the accounts in a different Microsoft Windows 2000 domain have been associated with the mailboxes. A one-way trust exists from the Windows 2000 domain to the domain that contains the mailboxes. This one-way trust prevents queries to the Active Directory directory service from the domain that contains the Exchange mailboxes, and prevents password-related information from being retrieved and passed on to the user.

To work around this problem, establish a two-way trust between the domains. However, this workaround does not apply if you are running Exchange in a resource forest/accounts forest configuration. For more information about this configuration, see the "More Information" section. For more information about trust relationships, click the following article number to view the article in the Microsoft Knowledge Base:

This behavior is by design.

The password expiration message is based on the pwdLastSet attribute. When you run Exchange in the resource forest/accounts forest configuration, the global catalog servers of the account forest cannot cache the pwdLastSet attribute from the resource forest. For more information, click the following article number to view the article in the Microsoft Knowledge Base: