Will Duff has a post at Exchange Team Blog on how to enable the feature:
Good news! Exchange Server 2007 Service Pack 3 and Exchange Server 2010 Service Pack 1, running on Windows Server 2008 or Windows Server 2008 R2 have a new feature that will allow users with expired passwords to change their password. This also works for users with the User must change password at next logon specified on their AD account.
The procedure below is same for both Exchange 2007 Service Pack 3 and Exchange Server 2010 Service Pack 1. Here’s how you do it:
- On the Client Access Server (CAS), click Start, click Run and type regedit.exe and click OK.
- Note: If you are using a CAS Array, you must perform these steps on each CAS in the array.
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA.
- Right click the MSExchange OWA key and click New then click DWord (32-bit).
- The DWORD value name is ChangeExpiredPasswordEnabled and set the value to 1.
- Note: The values accepted are 1 (or any value not zero) for “Enabled” or 0 or blank / not present for “Disabled”
- After you configure this DWORD value, you must reset IIS – the recommended method is to use IISReset /noforce from a command prompt.
Important: When you attempt to change your password, currently you cannot use UPN (firstname.lastname@example.org) in the Domain\user name (contoso\johndoe) field in the ‘Change Password’ window.
– Thanks, Jinesh.