Changing passwords

[Guest Pete]

I would like some advice i have a VPN connection between my company and

another part of the company that has its own domain. My company has an

Exchange environment that the other company uses. This has not been a problem

up to now as the users have an account in our domain and they authenticate

when they connect via Outlook.

 

We are now forced to roll out complex passwords and this has the issue of

all the users existing passwords have expired and hence can no longer logon

as they get an error informing them that they can not change their password

and they should connect to the organisations domain.

 

Options available to us i presume are create a trust between us and the

other part of our company, a two one trust is not acceptable due to political

reasons so it would have to be a one way trust between us and them. The users

in the other domain can have no access to any of our systems except to change

their password via outlook and read their email.

 

Is there a better way to approach this one, as a Trust would mean

interaction between the two IT departments which could raise some issues. Is

there any other options open to us which would give us the ability to change

the users password on our domain within Outlook from their domain.

 

Thank you for any advice in advance

 

Regards

 

Pete

[Guest rounner@yahoo.com]

Re: Changing passwords

 

My interpretation is that you are blocking all but exchange (possibly

POP3 if you have no 'trust') and this is not allowing a kerberos/LDAP/

SMB/netbios password change. That is to say, they already have a trust

(they are part of your domain) but a firewall is preventing them from

using this trust to do anything other that read email.

 

A HTTPS based user management system might be a good solution,

allowing them to do minimal user changes such as password. The web

server wouldn't take much to develop if you have the staff to do so.

You might even find an open source solution (a standard LDAP password

change is all thats required). It all depends what web services if any

you are already providing for them.

 

Outlook Web Access has a change password facility but I don't know how

it works.