Exchange 2016 - Outlook wants credentials immediately after selected User must change password after next logon

Apologize for the delay. I did the repro in my lab with the Exchange server version 15.1 (Build 1591.10) and with Outlook (16.0.4266.1001). As per the testing, when the password was reset by selecting "User must change password at next logon" did not impact or prompt for password in Outlook (both in cached mode & online mode). I tried even without resetting the password and by selecting only the checkbox "User must change password at next logon", issue was not reproduced. So, setting that parameter does not impact the logged on user's outlook profile. Even tested with one more scenario, user 1 has full access permission on user 2 mailbox. User 1 has User2 mailbox in outlook. Setting "User must change password at next logon" on both the mailboxes does not impact the current outlook profile.

However, when the user tries to login to OWA, then it prompts to change the password. Also, when the logged on user is different than the outlook profile is configured, then the password prompt appears.

In this scenario, outlook uses the MAPI/HTTP which is by default in Exchange 2016. So, the issue with prompt is different and not related to the "user must change password at next logon".

Please share the screenshot of the connection status when the prompt appears. Also, uncheck the "user must change password at next logon" for one user and do the outlook test email autoconfiguration and check if prompt appears.

Hi,

Based on my knowledge, yes, this is the expected behavior. When the check box "user must change password at next logon", then the attribute pwdLastSet is set to 0 and needs the user to logon and change their password. When outlook tried to authenticate, then this information will be retrieved and ask for the new password. If the user is already logged on to the computer, user will not notice the change unless he logoff and login again. Alternatively, this also means that the AD replication is fine and no issues with outlook/exchange communication with Active directory.

Hi @HanakJ ,

Based on my understanding and previous experience, selecting "User must change password at next logon" usually won't affect users who are currently logged on. They would have to log out and then log on again to be prompted with a message to change the password.

In this example user, who is already logged in and has Outlook opened gets Credentials windows like 10 seconds after I selected "User must change pswd".

If possible, could you please remove the personal information like email address or domain name and then share a screenshot of the credential prompt for further troubleshoot?

Besides, as per my understanding, the user hasn't changed his password by then, so if the old password was entered, can the user continues to use Outlook as normal?

Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

If the response is helpful, please click "Accept Answer" and upvote it.