We have an MS AD environment with about 250 users. 3 Corporate locations with AD servers in them. 10 more "job sites" with site-to-site VPN tunnels back to the main corporate network using Juniper SSG firewalls, and another 10 job sites whose networks are NOT connected to the corporate office via hardware VPNs. All users have non-Microsoft VPN software installed on their notebooks, which they use in the event they need access to the corporate network from non-connected job sites or other places.
We moved Exchange out to the cloud 2 years ago (Office 365), and have recently implemented ADFS (Federated Services) to enable single sign-on to the MS-hosted email, so they are brought back to our Corporate AD environment for email authentication.
Here is our dilemma:
Users who work at job sites WITHOUT site-to-site VPNs run on CACHED CREDENTIALS, so they DO NOT get prompted when their AD PASSWORDS expire. This causes a problem when their AD passwords expire, because mail won't authenticate.
What are the ways that we can make sure remote users know when their AD passwords expire, and make it as simple as possible for them to update those passwords?
Best answer gets the points.....