Changing domain password over VPN

INTRODUCTION

In Active Directory environment, the default domain policy, specifically the password expiration policy, can cause resource access issues to VPN users who typically login with cached credentials. When their password is about to expire, they do not receive password change notification, which ultimately results in their account being locked out.

 

BACKGROUND

This issue gets resolved by the users having to call the help desk to have their password changed. These service requests to the help desk translates into lost productivity and potential disruption of services to business users. Although sending EMail notifications is an option, it is not as effective solution for changing domain password over VPN. The users learn to treat such recurring notifications as spam and may start to ignore these password change notifications. Even otherwise significant number of remote users may read such notifications when they are offline and then, tend to procastinate the password change as it requires them to re-establish the VPN connection.

Read More »

Group Policy Updates

INTRODUCTION

Group Policies apply when the computer starts up or when the user logs in. And after that event, every 90 minutes on a domain computer. This may work very well for LAN connected computers, however, for remote computers that generally start up without being connected to corporate network and the user logs in with cached credentials, the event based Group Policy refreshes are completed missed. And in such cases, it requires for the user to remain logged in for an extended period of time (90 minutes) for the policies to download and to apply over the VPN connection. The point is it leaves the remote computers in an unpredictable state and the administrator is never sure if the group policy updates are successfully applied on every remote computer.

 

Read More »

Duplicate DNS Records

INTRODUCTION

DNS Scavenging is a feature that must be enabled so the stale DNS records get deleted. However, it comes with its own set of challenges. Administrators managing desktops and laptops have to work with DHCP Lease period and DNS Scavenging No-Refresh and Refresh period in order for the systems to work optimally. For example, an administrator may configure the DHCP Lease Period to 8 days for LAN connected computers and the DNS Scavenging ‘No Refresh interval’ and the ‘Refresh Interval’ to 7 days each. Such a configuration on the DNS Zones will ensure that the DNS records are not updated often causing Active Directory replication to occur frequently.

Read More »