It is possible, using an R5.04a server (I have not tested other R5 versions) to use AdminP to recertify an expired ID even if the client is running R4.5.x. Once the ID has expired, issue a recert request via AdminP (Recertify User Action in the Person view). Once AdminP has run it's tasks, the user can connect to the R5 server and get their certificate updated. Interestingly, this works even if the user does not have access to the server - for instance if you have an administration hub that general users cannot access, they can still type in the server name in a File-Open Database dialog. The R4.5 client will show "Your ID has been updated with new expiration information" and then show the "You cannot access this server" dialog.
This works for R5 clients as well.