I am looking to use TPAM to manage the local administrator account on all of my company's domain-joined workstations. Discovering the workstations is relatively easy using the LDAP Auto-Discovery and System template.
However, we have hit some roadblocks. Many times, workstations are taken off of the domain or are turned off. TPAM is then unable to reset the password... If the workstation is unreachable when it is trying to do a reset, the next time a user tries to check out the account, they will be presented with an error message. I know there is an option to place a certificate on each machine to make a SOAP call when it is ready to be reset, but we have deemed that not a viable option. We could also give users PPM ISA to get old passwords, but this is not a user-friendly workflow, and gives end users elevated privileges.
If anyone has deployed TPAM to manage workstation administrator IDs, could you please share your deployment strategy?