Hello, we recently forced users to do a password change in AD, and because we use ISE/RADIUS to authenticate them to the wireless, it has caused quite a few people to get locked out because their mobile devices have the old credentials cached. I am looking for suggestions on how to tackle this so if we do go to a strict password policy period, we don't get slammed with help desk calls for locked out accounts. Currently we ask the end user to forget the network and reconnect using the new password. It's easy enough for a handful, but when it's applied to 10k students, it might get ugly.
Our system is 4 Cisco 9800-40 WLCs and 6 ISE nodes spanned across 4 sites.