new435 (United States of America) asked:
Password Expiration on non-connected Domain notebooks

We have an MS AD environment with about 250 users. 3 corporate locations with AD servers in them. 10 more "job sites" with site-to-site VPN tunnels back to the main corporate network using Juniper SSG firewalls, and another 10 job sites whose networks are NOT connected to the corporate office via hardware VPNs. All users have non-Microsoft VPN software installed on their notebooks, which they use in the event they need access to the corporate network from non-connected job sites or other places.

We moved Exchange out to the cloud 2 years ago (Office 365), and have recently implemented ADFS (Federation Services) to enable single sign-on to the MS-hosted email, so they are brought back to our corporate AD environment for email authentication.

Here is our dilemma:

Users who work at job sites WITHOUT site-to-site VPNs run on CACHED CREDENTIALS, so they DO NOT get prompted when their AD PASSWORDS expire. This causes a problem when their AD passwords expire, because mail won't authenticate.

What are the ways that we can make sure remote users know when their AD passwords expire, and make it as simple as possible for them to update those passwords?

Best answer gets the points.....
SOLUTION (Nick Rhode, United States of America)
This solution is only available to members of Experts Exchange.

SOLUTION (Hypercat (Deb), United States of America)
(members only)

SOLUTION
(members only)

ASKER CERTIFIED SOLUTION
(members only)
new435 (ASKER):
Sorry for the slow response guys. I like the idea of the script, and the email, but I need a complete solution. I played around with one of my customers that has SBS, and the Remote Web Workplace uses a web browser to log into a user's PC. I set up a user to change password at next login, and when I tried to log in to RWW, I got PROMPTED to change my password!!!

How can I leverage this RDP-over-the-web technology such that I could include a LINK in that password-expiry email that brings them to a terminal server securely via a web browser?

The only open issue at that point is that the LOCAL password on the laptop won't be synchronized with the AD password inside the LAN, but the user will be able to get into MAIL, which has become the #1 needed app.

I'd like to close this question and assign points as soon as I can here.
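The "script plus email" approach the asker refers to, as an added example that is not code from the thread or from any of the answers: a PowerShell script (run daily as a scheduled task on a domain-joined box with the RSAT ActiveDirectory module) that reads each account's computed expiry time and mails a warning while the user can still sign in to Office 365 and read it. The SMTP relay, sender address and warning window are placeholder assumptions.

```powershell
# Added example (not from the original thread): warn AD users whose password
# expires within $WarnDays. Assumes the ActiveDirectory module (RSAT) and an
# internal SMTP relay; the relay and sender below are placeholders.
Import-Module ActiveDirectory

$WarnDays   = 14
$SmtpServer = 'smtp.example.internal'   # placeholder relay
$From       = 'helpdesk@example.com'    # placeholder sender
$Now        = Get-Date

# msDS-UserPasswordExpiryTimeComputed already honours fine-grained password
# policies, so it is preferred over computing pwdLastSet + MaxPasswordAge by hand.
$Users = Get-ADUser -Filter "Enabled -eq 'True' -and PasswordNeverExpires -eq 'False'" `
    -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'

foreach ($u in $Users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'
    # 0 (must change at next logon) or Int64.MaxValue (no expiry) mean "nothing to compute"
    if (-not $raw -or $raw -eq [Int64]::MaxValue) { continue }

    $expires  = [DateTime]::FromFileTime($raw)
    $daysLeft = [math]::Floor(($expires - $Now).TotalDays)
    # Skip already-expired accounts (they cannot read mail anyway) and users with no mailbox
    if ($daysLeft -lt 0 -or $daysLeft -gt $WarnDays -or [string]::IsNullOrEmpty($u.mail)) { continue }

    $body = @"
Hello $($u.GivenName),

Your domain password expires in $daysLeft day(s), on $($expires.ToString('yyyy-MM-dd HH:mm')).
Because your laptop is not on the corporate network, Windows will not prompt you.
Connect to the VPN and press Ctrl+Alt+Del, then "Change a password", before it expires,
or your Office 365 mail sign-in will stop working.
"@
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.mail `
        -Subject "Your password expires in $daysLeft day(s)" -Body $body
    Write-Host "Notified $($u.SamAccountName): $daysLeft day(s) left"
}
```

The warning window matters more here than on a LAN: once the password has actually expired, the mail that tells the user how to fix it can no longer be read, so the script deliberately does nothing for accounts that are already past expiry.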
new435 (ASKER):
I spread out the points. We ended up buying a piece of software to not only send out notifications, but to also provide additional auditing and password reset functionality. Thanks for the replies.