Please note that we have a setup where in we have Exchange 2007 CCR & 2x CAS+HUB servers, the Exchange OWA, Active Sync is published using ISA 2006 with a secure certificate and only HTTPS is allowed. Everything is working fine.
The OWA is not enabled for all users at this point of time because it's a sensitive organization. Let's say an AD user who does not have the OWA enabled tries to access the published mail (for example:https://webmail.domain.com
AD user name and a wrong password for multiple times the account gets locked out. Even if the user whose account has OWA enabled and tries to open with a wrong password multiple times the account gets locked out and user is not able to work while in office. My point here is, let's say if someone has the AD user id details of a person in the organization he can purposefully try to access and lock out the user account right. Is there any way we can control this behaviour.
Yes, i do understand that it's going to validate the credentials with the AD domain controller and then does this.
Appreciate if someone can throw some ideas as i am sure some of you have gone through this. Is there any alternate option.
Thanks & Regards,
Pramod
<input id="3ab3cbe5-dd9f-4d24-aa40-aa9451652312_attachments" type="hidden" />