Active Directory



If an employee's password expires in AD, it can be reset in two ways:

1. Self-service password reset
2. Password reset by an admin

Self-service password reset:

Use this when the password has not expired yet and a few days are still left.

For this, the on-prem Active Directory is synced with Azure Active Directory via Azure AD Connect, and password writeback must be enabled in the Azure AD Connect settings.
The employee can then reset the password themselves from his/her account settings, and it will be updated in AD.

If the password has expired:
Only an AD admin can set a password for the user.

ISSUES:

Even after the AD admin resets the password for the employee, the employee can use the password set by the admin only if he/she is connected to the company network.

For a domain-joined computer:

If the employee is working from home, the VPN must be connected first (Start Before Logon); only then can the employee use the password set by the AD admin.

This is because the computer maintains a cached password. Even after the admin has updated the user's password, the employee's laptop still has the old password cached, so when the employee tries to log in with the password set by the admin, it will not work because the laptop is not connected to the VPN.

Always reset the employee's password on the closest domain controller.
Suppose the company has offices in the USA, India and Canada.

The employee whose password has expired is in the India office.
So if the employee's password needs to be reset by an admin, the admin should reset it on the India domain controller.

WHY?

If the admin resets the password on the USA domain controller, the password will sync to the India and Canada domain controllers only after some time.
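
Added example, not part of the original notes: one way to reset the password on a domain controller in the employee's own site and then see which domain controllers have received the change. It assumes the ActiveDirectory (RSAT) PowerShell module; the account name jdoe and the site name India are hypothetical placeholders.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$User     = 'jdoe'    # hypothetical account name
$SiteName = 'India'   # hypothetical AD site name for the employee's office

# Pick a writable domain controller in the employee's own site.
$dc = Get-ADDomainController -Filter * |
    Where-Object { $_.Site -eq $SiteName -and -not $_.IsReadOnly } |
    Select-Object -First 1
if (-not $dc) { throw "No writable domain controller found in site '$SiteName'." }

# Reset the password on that DC, so the employee's office sees it at once.
$newPassword = Read-Host -AsSecureString "Temporary password for $User"
Set-ADAccountPassword -Identity $User -Server $dc.HostName -Reset -NewPassword $newPassword

# Ask every DC when it last saw a password change for the user (UTC).
# DCs that still show an older time have not received the change yet.
Get-ADDomainController -Filter * | ForEach-Object {
    $row = [ordered]@{ DC = $_.HostName; Site = $_.Site; PasswordLastSet = $null; Note = '' }
    try {
        $u = Get-ADUser -Identity $User -Server $_.HostName -Properties pwdLastSet -ErrorAction Stop
        $row.PasswordLastSet = [datetime]::FromFileTimeUtc($u.pwdLastSet)
    } catch {
        # A DC that cannot be queried is reported instead of stopping the check.
        $row.Note = "unreachable: $($_.Exception.Message)"
    }
    [pscustomobject]$row
} | Sort-Object Site | Format-Table -AutoSize
```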