This isn't a JSS/JAMF issue, but thought I would throw this out there to see if I can get some help with an issue we have.
The Active Directory policy I set up in the JSS to bind our systems to Active Directory does have “Create mobile account at login” checked, so that when we hand off a user's new system, they log in with their domain login and are able to change their domain password in System Preferences, and can also be notified that their password is about to change.
I recently found out that a member of the hardware team who hands off a user's new Mac has been creating their domain account locally and also creating a local password. The users are then instructed to change the local password to match their domain password. The issue I am finding now is that when the user needs to change their domain password, it does not sync to Active Directory, causing the user to have to use two passwords and not get the password expiration notifications.
Does anyone happen to know how to fix this without deleting their local account? I am aware that the account can be deleted while keeping the home folder, but I was hoping to find a way to just make the password sync.