Password expiration not prompting
We have 50 macs included in an active directory environment. Of those 50 about half are mac pros and half are macbook pros. All running Lion.
Some are not making users aware of password expiration. Some are counting down 30 days. All have mobile accounts. I have tried to find a difference between 2 systems and there is none. All are on the same image, same patch level. I have tried deleting the keychain and preferences, repairing permissions, resetting pram, rebooting the computer,. I have also confirmed the password expiration works properly on windows machines. However sometimes if a user has changed their password on a pc (or if I do it manually in Active directory) the mac does not sync up with active directory. Then you have the old password to log into the mac, then once in it prompts again for server mounting (that would take the new password).
To add to this when some users try to change their password from the user menu they get the message The password for the account "account name" was not changed. Your system administrator may not allow you to change your password or there was some other problem with your password. Contact your system administrator for help.
I have tried to help these users change their password so I know they are meeting all password requirements and are typing in passwords correctly.
How can I troubleshoot these 2 issues further? Are there any logs anywhere I can look at?
MacBook Pro, Mac OS X (10.7.3)