Supporting Remote AD Users


I will try posting this again as I didn't get any responses last time. If I am doing something wrong, please let me know....

We are rolling out new laptops to teachers who are away from the district 3 months of the year (summer break, winter and spring breaks). They are going to be authenticating with AD accounts to make things easier for them to remember one password for mail, laptop login and a few other internal services.

Passwords are set to expire every 120 days, as long as they are in our district network, they can reset their password without issue in User and Groups which seems to update the keychain as well, that is great.

However, when they are away from the district network and they haven't changed their password before they left for break and it expires while they are away, how can we help them?

We are going to try and remind everybody before breaks to change their password, but you know how that works, somebody will forget.

My fear is that they won't be able to login when they are away and they won't be able to use the computer, or they forget their password and they won't be able to get in, even if we reset the password in AD for them.

Is there a script that can help us at the helpdesk allow them to login, or is Nomad the answer to all of our problems?

What solutions are you using to accommodate AD authentication and roaming teachers?

Thanks in advance,


Contributor III

I'm not in your situation exactly, but our remote users must connect to VPN for password changes. That's about the only option.

Good luck!


@mbezzo thanks for the tip.