After flagging multiple domain user accounts with the "User must change password at next logon
" flag in Active Directory Users and Computers
, hours later upon logging in a percentage of them are still able to login using their locally cached password credentials. Upon logging in, they are soon afterwards prompted with a popup asking them to log in with their current credentials (see embedded image).
*All computers are attached via ethernet cable to the internal network
*All computer accounts and user accounts are in good/equivalent standing on our network, with the same memberships
Frankly, I'm stumped. How can we ensure that the "must change password" flag snags all of our users before logging on, and not just some?