So, I have been googling trying to find a decent solution for this, and im not really finding anything. Im not sure if that is because there isnt a decent solution for it, or because the keywords I am using are coming up with different stuff. So hopefully someone out there knows of something, I cant imagine im the first person looking to do this.
We run an Active Directory Domain (Server 2008 R2 Domain Controllers across the board), in 4 locations (Chicago, San Francisco, Germany, London). We also have several employees who work from home (Sales People and such). I am looking for a decent solution that would allow the work from home people and traveling people to be able to authenticate against our Active Directory Domain Controller. Currently we just set the travelling people's AD Account passwords to never expire because they have no way of changing them while they are on the road. This creates problems when they forget their password and we cant reset it for them because they are in Texas (We could reset it, but their computer would have no way of knowing that we changed their password).
So, I am looking for a secure solution that would allow users to authenticate against AD while outside of our network. And if that is not possible, then is there a recomended solution for resetting AD Passwords while on the road? Like some kind of web portal or something?