All Macs are bound to our AD (Windows2012R2) by Casper (9.61)
I see some Mavericks clients loosing the ability to contact the AD. Error Message is like "Cannot contact the Domain Controller". Rebinding helps. But what's the cause? I am suspecting the default 30 days windows policy setting for the maximum allowable age for a computer account password: http://technet.microsoft.com/en-us/library/jj852252(v=ws.10).aspx
Did anyone investigate that further? Or is it irrelevant for OSX ?
Thanx a lot!
Solved
Active Directory Domain member - Computer-Account: Maximum machine account password age
+8Best answer by calumhunter
Have a chat to your AD admin. Perhaps they have a policy of removing machines from AD or disabling them if they have not updated their machine password in x days.
Do you have any read only domain controllers?
+10Have a chat to your AD admin. Perhaps they have a policy of removing machines from AD or disabling them if they have not updated their machine password in x days.
Do you have any read only domain controllers?
+18In the past I have set this to 0 on the client side (dsconfigad -passinterval 0) particularly for laptop users who were out of the office (and out of contact from a DC) for extended periods of time.
As Calum says, it is really a question for your AD admin, although I've never heard of anyone changing this value on the Windows server side.
+8Thanx a lot. You were both right - awesome! There is a GPO on the Windows-side that did "clean" up. And of course the 14 days set for password interval were to short for the laptop users! Thank you!
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.