Exchange 2013/2016 Change OWA Log on Options

In Exchange 2013 and Exchange 2016 , by default the log on options for OWA are Domainname\Username, in Exchange 2010 we could change this in the ECP, this functionality is currently not in the Exchange 2013 ECP, so we must use power shell. In the example below we change it so OWA authentication is user name and password only and also so that a user can log into Exchange with their email address.These commands also apply to Exchange 2010.

Before

owa 2013 logon options

owa 2013 log-on options

Powershell to Change OWA Authentication to User Name

Set-OwaVirtualDirectory "owa (Default Web Site)" -LogonFormat Username -DefaultDomain techieshelp.local
iisreset

With the command above we set Exchange 2013 or Exchange 2016 OWA to be user name only.Then restart IIS for the changes to be effective.

After

Exchange 2013 OWA Username only

Exchange 2013 OWA Username only

Powershell to Change OWA Authentication to Email Address

Set-OwaVirtualDirectory "owa (Default Web Site)" -LogonFormat PrincipalName
iisreset

In the example above we set Exchange 2013/2016 OWA to log in as Email Address (Principal Name ).Then restart IIS to enable the changes.

After

log into owa with email address

log into owa with email address

 Change OWA Authentication Exchange 2013 and Exchange 2016 in the ECP

This can also obviously be done via the Exchange 2013 ECP also . To do so open up the ECP and select Servers > Virtual Directories > OWA. Then select Edit and you will see the options as seen below.

change owa authenticiaton in ECP exchange 2013

Allen White

Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.

Comments (16)

  • Avatar

    Tony Simek

    |

    Another great article, and this one worked well for me! Thank you!! Allen, when you are ready to write your book on Exchange, I will be first in line!

    Reply

    • Avatar

      Allen White

      |

      Glad to help Tony, I havent forgot about the catch all, ive been working a new feature so that users like yourself can chat with myself and other users posting questions etc, so im finishing it off and hoping for it to go live this Monday. More info on the Q&A page.

      Reply

  • Avatar

    Joe

    |

    Great tips.
    Allen, I have been trying to set basic authentication so I can publish OWA and match the authentication, currently set as Forms-Based Authentication in the exchange. When I look at the website (owa default) it says basic, but TMG 2010 complains as follows:
    Testing https://webmail.domain.com:443/OWA/
    Category: General error
    Error details: The authentication delegation method defined in the rule does not match the authentication method selected for the published directory on the server hosting the site. Publishing rule authentication delegation method: Basic. Published server authentication methods: Forms-Based Authentication.
    Action: You can change the authentication method on the published server or select “No delegation, but client may authenticate directly” in the Authentication Delegation tab of the publishing rule.

    Are you able to help? Much appreciated
    Joe

    Reply

  • Avatar

    Manuel

    |

    Hola, luego de seguir tus recomendaciones para evitar logon con dominio (Set-OwaVirtualDirectory “owa (Default Web Site)” -LogonFormat Username -DefaultDomain techieshelp.local) ; tengo errores en pagina de owa y ecp ahora ; me indica luego del login “:-( something whet wrong” podrias ayudarme por favor. Gracias

    Tengo exchange 2013 std bajo windows 2012.

    Reply

    • Avatar

      Allen White

      |

      Hola, yo no hablo a español por lo que estoy usando un traductor. ¿Reiniciar IIS? ¿después de hacer los cambios.?

      Reply

  • Avatar

    Tom

    |

    Hi Allen,

    Very useful site – there’s a lot of things for me to try!

    I’ve just ran the powershell commands and all appeared to work as did the IIS restart however, when coming to login to OWA, it doesn’t seem to like my e-mail address but does however still accept domain\username.

    Am I missing something?

    Cheers
    Tom

    Reply

    • Avatar

      Allen White

      |

      Hi Tom, that sounds like the changes have not activated – either IIS did not restart correctly or it did not accept the power shell change command . I take it the OWA screen still mentions “domain”.?

      Ok so when you run the Set-OwaVirtualDirectory “owa (Default Web Site)” -LogonFormat PrincipalName command does it come back with any red text or does it accept the command without error.
      If that goes through fine, rather that run IISreset try and restart IIS from services.msc or if possible a quick reboot?

      Reply

      • Avatar

        Tom

        |

        Hi Allen,

        The OWA screen actually shows “Email address”.

        The command seemed to apply fine, no red text etc. and IIS seemed to restart fine.

        I’ll give IIS another reset and if not I’ll reboot the Exchange box.

        Cheers
        Tom

        Reply

        • Avatar

          Allen White

          |

          Good, so when you log in use the primary address for that account. 🙂

          Reply

  • Avatar

    Dan

    |

    I have noticed that if you set password to be changed at next logon or the password expires. Exchange 2013 does not accept UPN and defaults back to domain\username.

    Has anyone else come across this.

    Reply

    • Avatar

      Nick

      |

      I have the same problem. looks like a Cu1 bug.
      It also looks like its pulling up a 2010 password reset tool web app….

      Reply

  • Avatar

    John

    |

    Does that applied to the Microsoft Outlook login? right now we are using username and password to login to the Outlook, how can we change to email address and password to login the Outlook? Thanks!

    Reply

  • Avatar

    Geoff

    |

    Do note that this does NOT change the password reset page in owa. The user still has to enter DOMAIN\username on the password reset page regardless of what is set for the login page.

    This is very frustrating and I haven’t found much of a work around yet. Does anyone have any ideas how to fix this?

    Reply

  • Avatar

    Jamie Boles

    |

    Would this be the command to set back to default domain\user?

    Set-OwaVirtualDirectory “owa (Default Web Site)” -LogonFormat FullDomain -DefaultDomain techieshelp.local

    Reply

  • Avatar

    Maurício Mota

    |

    I has having a big problem with users trying to change their expired passwords. They did not could use their UPN, it worked only with pre win 2000 login.

    After reading several threads in microsoft technet with no useful information (for them, it was a unsolved bug), I only found the solution on this website. Thank you very much!

    Reply

Leave a comment

Categories

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...