8 employees are working offsite. Every employee have a PC with a local user and password. They all connect to a terminal server session using rdp wthout vpn against active directory(locating at the main office). Currently, the local password is set manualy the same as the active directory password.
My goal: I want to be able to change password or to force changes remotely. And I don't want user having 2 passwords.
I thought of changing local user for domain user but here is my concern: If I connect their pc to the domain and they leave the office the password will be save in cached. If a push a password change they will have to change their password when they connect to their RDP session but the local domain password save in cache will not be changed. So user will work with old and new password till they come back to office.
Please help me expert, I hope my story make sense.