So we've been binding Macs to Active Directory for a while and the relationship has not been smooth. FileVault and AD passwords are regularly going out of sync. I've not found a great solution to fixing it. Been having folks log in via another generic user account, just on the VPN and switch user.
Anyways, the idea we had was to create a non-AD/mobile account for the user. The problem is we need to enforce a password policy. We only want to target that local account (we have admin and service accounts on all machines). Is there a way to scope pw policies to ONE Mac user account vs the machine?