I am working with a customer who has field agents with laptops. The field agent is offline about 95% of the time. They connect to the VPN maybe twice a month, which then gets them on the corporate network. The customer wants to implement a 60 day password change policy. The issue is that the agents will already have booted their laptops up and made a password change which is cached locally. They may run like this for 2 weeks. When they try to connect to the VPN (which uses the same AD password for login), they will not be able to connect because they are attempting to use their new password. The VPN is expecting the old password because AD server has not been updated yet. How can we manage password changes and sync issues for these field agents who are offline most of the time but are still required to change their password every 60 days?