SSPR solutions typically allow a user to easily reset her Active Directory password.
This is great when a user is authenticating directly against a domain controller but not so good when a user, especially a remote user, is logging onto a machine or a VPN connection using Windows cached credentials.
It also boosts user productivity and overall user satisfaction with IT services.
Active Directory Management Server Module Features: When users separate from the company, there is an immediate need to disable access to network resources, to sensitive data, and to other company assets.
I believe I was experiencing something similar with the Sierra GM: My machine isn't bound to AD or a directory, the account in question is local.
Shortly after setting up i Cloud, the user account associated with the i Cloud setup would be locked out.
We take a closer look at some best practices to avoid account lockout issues when cached credentials and AD credentials become out of sync.
Understanding cached credentials is particularly important when working with remote users in a SSPR (self-service password reset) scenario.