I am running an AD environment on Win 2003 servers with win2k and winxp clients. I currently have user passwords set to expire every 3 months. They do get a warning some days in advance of the expiration (if they actually log off their machine). Many do not logout ever.... Because of this they run into a problem when the do exchange from home or try to login through our VPN. (Our VPN is using IAS and the AD accounts to authenticate.)
Is there some way that they could change their password if they were to login using the web version of exchange? Or could IAS prompt them for a password change when they login using VPN? We are using the Cisco VPN product.
One person mentioned that at one company they would get the notification about their password but it would not lock them out when the connected via outlook or exchange-web or vpn.
Any thoughts on what is the best way to handle this? I will state right now that I cannot force the users to logout of their desktops periodically.