Question

Keychain errors after changing password in AD... methods

  • October 8, 2014
  • 8 replies
  • 22 views


I am just curious what some people out here are doing/using when people change passwords and the keychain keeps popping up for the user. I am getting tired of running around just to click on reset defaults the last few days.

Thanks

8 replies

mm2270
  • Legendary Contributor
  • October 8, 2014

Is this when the password changes in AD, and wasn't changed from the Mac? Because if so, unfortunately that will always happen in that circumstance. The OS can't possibly know that the account password changed from the backend until it attempts to authenticate and gets a bad password response from what's stored in the keychain.

Have you looked at @bentoms' ADPassmon fork? It has the ability to perform a password unlock check at login and allow users to reset it there if needed.


  • Valued Contributor
  • October 8, 2014

@EliasG

We have this in our self service. It was written by one of the JAMF speakers at last year's JNUC. The script is on her GitHub: https://github.com/andrina/JNUC2013/blob/master/Users%20Do%20Your%20Job/deleteAndcreateKeychain.sh

We have switched over to more of the method outlined in this posting, using ADPassMon2 with MCX and a launch agent: https://jamfnation.jamfsoftware.com/discussion.html?id=10252


  • Author
  • Valued Contributor
  • October 8, 2014

@ShaunM9483 how does that script work? Is it a login script?


  • Valued Contributor
  • October 8, 2014

@EliasG

The script checks to see who is logged in, gets the keychain name for the user, asks the user for their current password, deletes the old keychain and creates a new one with the current password.

We put the script in self service in our First Aid section for our Mac users. Our help desk has communicated to our Mac users that if they see keychain errors they can run that and it should repair the issues.

If you are looking for something to run at login you could probably make the script work for that use, but I would consider giving ADPassMon a try as well.
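The procedure described in this reply, as an added example written here and not Andrina Kelly's script from the linked repo: it finds the console user, asks for the password AD now expects, parks the stale login keychain instead of deleting it (stored Wi-Fi passwords and certificates can still be recovered from it with the old password), and creates a fresh one. It assumes it runs as root from a Self Service policy on a 2014-era macOS, so `login.keychain` rather than `login.keychain-db`, with `stat -f`, `dscl`, `security` and `osascript` available.

```shell
#!/bin/bash
# Added example (not the script from the linked repo): rebuild the console
# user's login keychain after an out-of-band AD password change.
# Assumes: run as root (Jamf policy), macOS with login.keychain (pre-10.12).

# Name of the user sitting at the console: on macOS, the owner of /dev/console.
console_user() {
    stat -f '%Su' /dev/console
}

# Names that mean "nobody is logged in"; never touch root's keychains.
is_real_console_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

# Login keychain path for a given home directory (pre-10.12 layout).
login_keychain_path() {
    printf '%s/Library/Keychains/login.keychain\n' "$1"
}

# Where the stale keychain is parked; suffix is a caller-supplied timestamp.
backup_keychain_path() {
    printf '%s.stale-%s\n' "$1" "$2"
}

# Ask the console user for the current network password with hidden input.
ask_password() {
    osascript -e 'text returned of (display dialog "Enter your current network password:" default answer "" with hidden answer)'
}

repair_keychain() {
    user=$(console_user)
    is_real_console_user "$user" || { echo "no console user logged in" >&2; return 1; }
    home=$(dscl . -read "/Users/$user" NFSHomeDirectory | awk '{print $2}')
    kc=$(login_keychain_path "$home")
    pw=$(ask_password) || return 1
    # Park the old keychain (mv keeps the user's ownership), then create a new
    # one as the user and make it the login and default keychain.
    # Caveat: -p puts the password in the process list for a moment; prefer
    # `security create-keychain -P` when the command can prompt interactively.
    mv "$kc" "$(backup_keychain_path "$kc" "$(date +%Y%m%d%H%M%S)")"
    sudo -u "$user" security create-keychain -p "$pw" "$kc"
    sudo -u "$user" security login-keychain -d user -s "$kc"
    sudo -u "$user" security default-keychain -d user -s "$kc"
}

# Only act when explicitly asked, so sourcing the file is side-effect free.
if [ "${1:-}" = "--run" ]; then repair_keychain; fi
```

Run it as `sudo ./keychain-repair.sh --run`; the parked `login.keychain.stale-*` file can be deleted once the user confirms nothing is missing.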


emily
  • Hall of Fame
  • October 8, 2014

Just throw this on computers and have users change their password through it:
http://macmule.com/2014/04/01/announcing-adpassmon-v2-fork/

Have them log out, log back in with new password, then update password when prompted within apps (Outlook, whatever). It's magical.


  • Contributor
  • October 9, 2014

We added it to self service and assign it to machines when the problem is reported (recommended by Andrina @JNUC2013)


  • Author
  • Valued Contributor
  • October 9, 2014

How do I package ADPassMon? @emilykausalik @wdpickle


  • Contributor
  • October 9, 2014

We packaged cocoa (then installed it through policy) and uploaded the script (after pointing it to the cocoa install location). Then I created a policy called KeyChain Repair and assigned it to Self Service; it calls the script and prompts for a reboot when complete. I had to tweak a couple of things for our environment, but Andrina Kelly did all the heavy lifting for us. I followed her instructions from last year. The session should still be available here:
https://www.youtube.com/playlist?list=PLlxHm_Px-Ie01lK6FgfdXhk-YuByY6X27
The session title is: Getting Users to Do Your Job (Without Them Knowing It)