Problem: A remote user's password has expired, but their local machine has the old password cached. How do you change the password locally and resync it with the Domain again?
If you have a remote domain user with an expired (but cached) password, You can use this procedure to reset it. (using a VPL Client to remotely access the domain environment)
Have the Domain Admins or HelpDesk people reset the user's domain password first, with option to change it if your corporate policy will allows this (ours requires waiting 24 hours before a change can be done).
Instruct the remote domain user (already logged into Windows with the cached password) to login via your VPN client to domain with the new password. (VPN is probably disabled due to expired password. Once it is reset, VPN access can be established)
Instruct the user on how to get the IP address assigned by the VPN client from remote User's PC/VPN client software. (You can also find this by having the remote user open a command promt and type in the command "ipconfig /all" (without quotes) and have them read the IP address assigned).
Using your own Remote Desktop Client (RDP), establish a connection to remote users' PC using only the IP address and use their credentials and new password.
Once you are connected and logged in (to the user's profile), the user's cached password will be updated. The user will be shown a "This computer is currently locked.." screen. You can proceed to logoff from the remote PC. I have seen on some computers, the VPN will disconnect once you are logged into the remote machine. Then the user just needs to press Ctrl-Alt-Delete and login with their ID and their new password.
Have remote user create a reminder, like in Outlook Calendar, to remind them before their password is to expire and they can use the normal method to reset their password.