For how long can a client be shutdown in AD?

It'll be fine.

Here's a little blurb from Sean Ivey from Microsoft; a pretty smart guy:

Ok, as long as we're talking about domain members, and not domain controllers then for all practical purposes they could be turned off indefinitely with no problem. When you finally turn them back on, the netlogon scavenger will run, contact a domain controller, and reset the password for the computer account.

The important thing to remember is that a computer account password reset is driven by the CLIENT, not the domain controller. So, as long as the client doesn't try to change it's password, then the password will not be changed.

Take a look at this link when you get a chance. I've pulled out the relevent parts:

http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx "Machine account passwords as such do not expire in Active Directory. They are exempted from the domain's password policy. It is important to remember that machine account password changes are driven by the CLIENT (computer), and not the AD. As long as no one has disabled or deleted the computer account, nor tried to add a computer with the same name to the domain, (or some other destructive action), the computer will continue to work no matter how long it has been since its machine account password was initiated and changed.

So if a computer is turned off for three months nothing expires. When the computer starts up, it will notice that its password is older than 30 days and will initiate action to change it. The Netlogon service on the client computer is responsible for doing this. This is only applicable if the machine is turned off for such a long time.

Before we set the new password locally, we ensure we have a valid secure channel to the DC. If the client was never able to connect to the DC (where never is anything prior the time of the attempt – time to refresh the secure channel), then we will not change the password locally.

The relevant Netlogon parameters that come into play and we can think about changing here are:

ScavengeInterval (default 15 minutes), MaximumPasswordAge (default 30 days) DisablePasswordChange (default off). "

I hope this helps!