You shouldn't have to change the passwords of every other user if the solution was designed properly in the first place. Every remote user should have a different password, thus you merely disable the account of the employee that left. Additionally VPN passwords shouldn't be stored on the client, thus you shouldn't change them in such fashion anyways.