new435
Password Expiration on non-connected Domain notebooks
We have a MS AD environment with about 250 users. 3 Corporate locations with AD servers in them. 10 more "job sites" with site-to-site VPN tunnels back to the main corporate network using Juniper SSG firewalls, and another 10 job sites whose networks are NOT connected to the corporate office via hardware VPNs. All users have non-Microsoft VPN software installed on their notebooks, which they use in the event they need access to the corporate network from non-connected job sites or other places.
We moved Exchange out to the cloud 2 years ago (Office 365), and have recently implemented ADFS (Federated Services) to enable single sign-on to the MS-hosted email, so they are brought back to our Corporate AD environment for email authentication.
Here is our dilemma:
Users who work at job sites WITHOUT site-to-site VPNs run on CACHED CREDENTIALS, so they DO NOT get prompted when their AD PASSWORDS expire. This causes a problem when their AD passwords expire, because mail won't authenticate.
What are the ways that we can make sure remote users know when their AD passwords expire, and make it as simple as possible for them to update those passwords?
Best answer gets the points.....
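One way to get an expiry warning to users who never see the Windows prompt is a scheduled task on a domain-joined server that emails them before the password lapses. The script below is an added example, not code from the question or from any of the answers; it assumes the ActiveDirectory module (RSAT) is installed, and the SMTP server and sender address are placeholders to replace with your own.

```powershell
# Added example: email AD users whose password expires within $DaysAhead days,
# so that laptops running on cached credentials get a warning before Office 365
# authentication through ADFS starts failing.
#Requires -Modules ActiveDirectory
param(
    [int]$DaysAhead = 14,
    [string]$SmtpServer = 'smtp.example.invalid',   # placeholder: your SMTP relay
    [string]$From = 'helpdesk@example.invalid'      # placeholder: sender address
)

# msDS-UserPasswordExpiryTimeComputed honours fine-grained password policies,
# so it is more reliable than adding maxPwdAge to pwdLastSet by hand.
$users = Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
    -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'

$now = Get-Date
foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'
    # 0 (must change at next logon) or Int64.MaxValue (no expiry) cannot be
    # converted to a date, so skip them rather than let FromFileTime throw.
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }
    $expires  = [DateTime]::FromFileTime($raw)
    $daysLeft = [int][Math]::Ceiling(($expires - $now).TotalDays)

    # Only users inside the warning window; already-expired ones get a different message.
    if ($daysLeft -gt $DaysAhead) { continue }
    if (-not $u.mail) { Write-Warning "$($u.SamAccountName) has no mail attribute"; continue }

    if ($daysLeft -le 0) {
        $subject = 'Your network password has expired'
        $body    = 'Your password has expired. Connect to the corporate VPN, press Ctrl+Alt+Del ' +
                   'and choose Change a password so that email (Office 365) works again.'
    } else {
        $subject = "Your network password expires in $daysLeft day(s)"
        $body    = "Your password expires on $($expires.ToString('f')). While connected to the VPN, " +
                   'press Ctrl+Alt+Del and choose Change a password. Changing it while the VPN is up ' +
                   'also refreshes the credentials cached on your laptop.'
    }
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.mail -Subject $subject -Body $body
    Write-Output "Notified $($u.SamAccountName): $daysLeft day(s) left"
}
```

Run it daily from Task Scheduler under a low-privilege service account that only needs read access to AD and permission to relay through the SMTP server.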
ASKER
I spread out the points. We ended up buying a piece of software to not only send out notifications, but to also provide additional auditing and password reset functionality. Thanks for the replies.
ASKER
How can I leverage this RDP-over-the-web technology such that I could include a LINK in that password-expiry email that brings them to a terminal server securely via a web browser?
The only open issue at that point is that the LOCAL password on the laptop won't be synchronized with the AD password inside the LAN, but the user will be able to get into MAIL, which has become the #1 needed app.
I'd like to close this question and assign points as soon as I can here.