Mac – How to implement a password expiration policy on an AD network with Macs

active-directory mac mac-osx

We have an Active Directory network with a mixed environment of Macs and PCs, including some remote users who connect via VPN. We're trying to implement a password expiration policy, but we've run into the roadblock such that when a Mac's password is expired on AD, it can't connect period – no prompt or opportunity to change password, no nothing. This goes double for a VPN client synced with the domain password.

Surely there's a piece of middleware or something that bridges this gap. Any thoughts?

Best Answer

We have a scheduled task that runs daily and emails users at predefined password age intervals. E.g., if our password age is 90 days, email them at 75 days, 80, 83, 85, 87, and 89 days.