Portal not updating AD information
We take a closer look at some best practices to avoid account lockout issues when cached credentials and AD credentials become out of sync.
Understanding cached credentials is particularly important when working with remote users in an SSPR (self-service password reset) scenario.
For example, suppose a mobile user uses a domain account to log on to a laptop that is joined to a domain.
We get questions about Active Directory credential caching quite often from customers and prospects.
Since we provide Active Directory solutions, it would make sense that we have insight into AD credential caching in Windows, but the caching mechanism is actually a function of the client and not the server.
SSPR solutions typically allow a user to easily reset her Active Directory password.
This is great when a user is authenticating directly against a domain controller, but not so good when a user, especially a remote user, is logging on to a machine or a VPN connection using Windows cached credentials.
Basically, this scenario—supported with solutions like Web Active Directory’s People Password product—occurs when users who don’t regularly log directly into a domain and authenticate against a domain controller forget their Windows password.
This includes VPN-connected users as well as users who take advantage of resources like portals that store user credentials in AD.