If the password is expired, Juniper will not let the user in. We recently set a password policy and the people who were locked out could not change their password in OWA. It wouldn't let them log in. We had to manually change it for those users. To this day, we still do have a way of notifying those users that their passwords have expired.

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, January 11, 2011 3:16 PM
To: NT System Admin Issues
Subject: Re: domain joined laptops that aren't on your network

Yeah, locking and unlocking with the new password did the trick. Sweet! Years wasted not knowing this :) Maybe it's a Windows 7 thing, I don't know.

So what about when a user's password expires? What do you do for these external users then? Far as I know Juniper SSL VPN won't let them log on. I think they can log on to OWA, but it doesn't really tell them they need to change the password.

On Tue, Jan 11, 2011 at 3:07 PM, Jimmy Tran <jt...@teachtci.com> wrote:

I was able to follow Glen's instructions and it worked for me when connected through Network Connect on the Juniper SSL VPN. Give it a try, Ben.

Jimmy

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Tuesday, January 11, 2011 10:30 AM
To: NT System Admin Issues
Subject: RE: domain joined laptops that aren't on your network

Don't know about SSL VPN, but with a Cisco IPsec VPN, connect via VPN, lock the computer and unlock, and if it's time to change the password, the laptop will prompt to change it. If the password has already been changed via OWA, log in to the laptop using the old password, connect the VPN, lock the laptop, and when it is unlocked it will ask for the current domain password.

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, January 11, 2011 1:11 PM
To: NT System Admin Issues
Subject: domain joined laptops that aren't on your network

So we set up domain joined laptops and then ship them out to users that work primarily from home. They then use SSL VPN (Juniper SA) to connect back to us, but these laptops never actually make it back to our physical network in most cases.

We have these people change their password in OWA or via RDP to a server, but that doesn't reflect back to the domain joined laptop they are on until one day they actually show up at one of our offices. I had thought being on VPN, that it would sync up with the domain enough that their current domain password would be required the next time they logged into their laptops, but this isn't the case.

Any ideas?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin