Administrators are keenly aware of the issues that face remote users. For many administrators, such issues can cause great angst. One issue in particular facing remote users is when they have forgotten their password. In such cases, since the user is remote, updating the password on the corporate network will not help. This is where ManageEngine comes to the rescue.
ManageEngine has a solution called ADSelfService Plus, which not only allows end users to resolve their own password reset (amongst other) issues, but can help remote users update their laptop’s local cache as well. The solution is elegant and quite simple.
Before we get to the solution, let me first ensure that the issue is clear. When a user is not connected to the network, they do not have access to authenticate or communicate with a domain controller. If the remote user forgets their password, both the credentials stored in the local cache and the domain controller must be updated. Even if the help desk resets the password, the user will not be allowed to log on since the locally cached credentials will not be updated. Likewise, if the user has the ability to use the ManageEngine ADSelfService Plus mobile application to reset their password, this only updates the domain controller and not the local cached credentials.
ADSelfService Plus provides an option to use a VPN to reset the locally cached credentials after the user resets the password on their own. This is accomplished by the ADSelfService Plus service triggering the VPN on the user laptop, which then communicates back to the corporate network to update the locally cached credentials. You can see the configuration options in Figure 1.
Figure 1. Locally cached credentials update feature.
You can see the flow diagram represented in Figure 2.
Figure 2. Flow diagram for updating the locally cached credentials for remote users.
Finally, organizations can have their remote users reset their own password, as well as have those remote users update their locally cached credentials so they can logon and work while traveling away from the corporate network.
If you want to give this solution a try in your own environment, download ADSelfService Plus here.