Solved

Active Directory Domain member - Computer-Account: Maximum machine account password age

  • December 2, 2014
  • 3 replies
  • 32 views


All Macs are bound to our AD (Windows2012R2) by Casper (9.61).
I see some Mavericks clients losing the ability to contact the AD. Error Message is like "Cannot contact the Domain Controller". Rebinding helps. But what's the cause? I am suspecting the default 30 days Windows policy setting for the maximum allowable age for a computer account password: http://technet.microsoft.com/en-us/library/jj852252(v=ws.10).aspx
Did anyone investigate that further? Or is it irrelevant for OS X?
Thanx a lot!

calumhunter
  • New Contributor
  • Answer
  • December 2, 2014

Have a chat to your AD admin. Perhaps they have a policy of removing machines from AD or disabling them if they have not updated their machine password in x days.
Do you have any read only domain controllers?


davidacland
  • Valued Contributor
  • December 3, 2014

In the past I have set this to 0 on the client side (dsconfigad -passinterval 0) particularly for laptop users who were out of the office (and out of contact from a DC) for extended periods of time.

As Calum says, it is really a question for your AD admin, although I've never heard of anyone changing this value on the Windows server side.


  • Author
  • Valued Contributor
  • December 3, 2014

Thanx a lot. You were both right - awesome! There is a GPO on the Windows-side that did "clean" up. And of course the 14 days set for password interval were too short for the laptop users! Thank you!
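
An added example, not code from any poster in this thread: a shell check that reads the client's password change interval from `dsconfigad -show` and compares it with an AD-side cleanup threshold. It assumes the cleanup acts on machine-password age, as the first reply suggests; the 30-day threshold, the 21-day offline period, the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example: audit a Mac's AD machine-password rotation interval against
# an AD-side stale-account cleanup threshold (all thresholds are assumptions).

# Extract the "Password change interval" value (days) from `dsconfigad -show`
# output supplied on stdin. Prints nothing if the line is absent.
passinterval_from_show() {
    awk -F'=' '/Password change interval/ {
        gsub(/[[:space:]]/, "", $2); print $2; exit
    }'
}

# classify INTERVAL CLEANUP_DAYS MAX_OFFLINE_DAYS
# Assumed model: the cleanup job acts on computer accounts whose password is
# older than CLEANUP_DAYS. The client can only rotate while it reaches a DC,
# so the worst-case password age is INTERVAL + MAX_OFFLINE_DAYS.
classify() {
    interval=$1; cleanup=$2; offline=$3
    case $interval in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$interval" -eq 0 ]; then
        # 0 turns rotation off on the client: password age grows without bound.
        echo "never-rotates"
    elif [ $((interval + offline)) -ge "$cleanup" ]; then
        echo "at-risk"
    else
        echo "ok"
    fi
}

# Constructed sample of `dsconfigad -show` output (not from a real host).
sample_show() {
    cat <<'EOF'
Active Directory Domain          = corp.example.com
Computer Account                 = mac-0042$

Advanced Options - Administrative
  Packet signing                 = allow
  Password change interval       = 14
  Namespace mode                 = domain
EOF
}

# On a bound Mac, replace sample_show with: dsconfigad -show
interval=$(sample_show | passinterval_from_show)
echo "interval=${interval} status=$(classify "$interval" 30 21)"
```

A `never-rotates` result means the account's password age will eventually exceed any age-based cleanup threshold, so such clients need an exemption on the AD side.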