For anyone with this environment: what we did was have them connect with their VPN client while they were remote; then we changed their AD account, locked the computer, and unlocked it with the new AD password, and it worked fine.
Password changes for remote users no longer on premise for AD login?
Hello,
We want people who took their laptops and PCs home to still use AD login. We don't want Azure. Is it possible to sync them? If not, can we manually edit the registry of their PC so their PW for AD is the same as their on prem AD PW?
To be clear, their PC was on premise and joined to the domain. We did not remove it from the domain when they took it home. We are trying to avoid moving them to a new local profile on their PC. Everyone is running Win 10 x64. Our on prem AD server is 2012 R2.
-
Fan Fan 15,291 Reputation points Microsoft Vendor
2021-03-29T02:12:40.017+00:00
Hi,
Users can use cached credentials for AD login.
Make sure the group policy for: Interactive logon: Number of previous logons to cache (in case domain controller is not available) under the path: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
This determines how many credentials can be cached. Once users can't connect to the domain, the cached credentials will be used.
But if the password is changed on the DC while the computers are disconnected, the computers will not receive the new password.
If you want the users to use the new password, the computers need to connect to the domain and log in again to cache the new password.
If users are disconnected from the domain all the time, they will continue to use the old password.
For more information, you can refer to:
Interactive logon: Number of previous logons to cache
Network access: Do not allow storage of passwords and credentials for network authentication
Best Regards,
-
Boe Dillard 666 Reputation points
2021-03-29T02:54:00.707+00:00
Thanks - that is the issue. They are not on site - probably won't be for months. We do want them to use the new AD password; however, the only way they connect to AD is through VPN through our firewall after they've logged in.
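
A client-side check for the situation discussed in this thread, added here as an example and not part of any poster's reply: it reads the cached-logon setting and tests whether a domain controller is reachable over the VPN before the user locks and unlocks with the new password. It assumes an elevated Windows PowerShell 5.1 session on the domain-joined laptop, and that the policy is stored in the `CachedLogonsCount` registry value; the function names are hypothetical.

```powershell
# Added example: run on the remote laptop after the VPN client has connected.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonsCount {
    # "Interactive logon: Number of previous logons to cache" is stored as
    # the string value CachedLogonsCount under the Winlogon key.
    $prop = Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # value not set: Windows default applies
    return [int]$prop.CachedLogonsCount
}

function Get-DomainLinkState {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        return [pscustomobject]@{ Joined = $false; Domain = $null; SecureChannel = $false }
    }
    # True only when the machine account can reach a DC and authenticate to it.
    $ok = $false
    try { $ok = [bool](Test-ComputerSecureChannel -ErrorAction Stop) } catch { $ok = $false }
    [pscustomobject]@{ Joined = $true; Domain = $cs.Domain; SecureChannel = $ok }
}

function Get-PasswordRefreshAdvice {
    $count = Get-CachedLogonsCount
    $link  = Get-DomainLinkState

    if (-not $link.Joined) {
        return 'Computer is not domain-joined; cached domain logons do not apply.'
    }
    if ($count -eq 0) {
        return 'Cached logons are disabled (CachedLogonsCount = 0); the user cannot sign in without a reachable DC.'
    }
    if (-not $link.SecureChannel) {
        return "No domain controller reachable for $($link.Domain). Unlocking now is checked against the cached (old) password. Connect the VPN first."
    }
    $shown = if ($null -eq $count) { 'not set (default)' } else { $count }
    return "DC reachable for $($link.Domain); CachedLogonsCount is $shown. Lock the computer and unlock with the new AD password to refresh the cache."
}

Get-PasswordRefreshAdvice
```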