AD Password Change

Posted on 2014-02-28
Medium Priority
Last Modified: 2014-03-04
I will be appllying the settings "user must change password at next login" for 150 users on Monday morning.
We have many remote users that use NCP to vpn into the network to access their network shares.  
My question is will the users that use NCP to vpn from home be prompted to change there password ? Or will we have to manually set a password for these users to use VPN ?
Also when the users restart their laptop whilst working remotely will they use their new password or the old password that is cached locally?

Question by:DNRRP
LVL 35

Expert Comment

by:Joseph Daly
ID: 39894670
We use cisco vpn here and if the user has the must change password at next login check they will not be able to log into the VPN. You may need to set a new password for them in order for them to connect.

If the user is connected to the VPN and then changes their password the local password should sync up and the next time they log in they should be able to use their new password.

Expert Comment

ID: 39894677
They will only get the password reset prompt if they are actually connected to the domain so that the server can send them the information otherwise, the laptop is pretty much acting stand alone. When they try and access network resources then that is where the problem will arise as it will want the password changing before it continues.

I would manually reset the password for the remote workers to save yourself a headache.

Author Comment

ID: 39894684
Thanks for this information.
Once the user has logged on via VPN with the password provided they can simply ctrl alt del and change their password which will also synch with the locally cached user password ? is this correct ?
LVL 35

Expert Comment

by:Joseph Daly
ID: 39894734
Correct once the user is connected to the VPN it is as if they were sitting in the office. The password change will take affect both on the domain as well as the cached local credentials.

Accepted Solution

Pankaj_401 earned 1500 total points
ID: 39899696
In a simple way, you can modify users properties.
Once it has been done, they will be forced to change their password at next logon.
Further, you can have check this link to gather more information in detail.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question