Posted on 03-16-2018 05:27 PM
Has anyone figured out how to sync the cache profile with AD? Our company policy for passwords to expire every 60 days is starting to create a lot of tickets. I was thinking maybe doing something with a launch agent.
Posted on 03-19-2018 09:15 AM
Sorry, I'm confused as to what you are asking. Can you clarify? Are your Macs joined to AD? Using mobile accounts? If so, I don't understand why there would be an increase in tickets when passwords expire. Are the users not connected to the network so they are unable to change their passwords?
Posted on 03-19-2018 04:10 PM
Some users have more than one Mac and/or use a PC. So a lot of users will change their passwords on a PC or one of their Macs, but any other Mac of theirs doesn't update, so they have to go through the whole password change again on the secondary Mac.
Posted on 03-19-2018 07:15 PM
Why do they have to go through the entire reset again on their second Macs? They should just be able to connect to the network and log in with their new AD creds.
If these Macs are FV2 enabled, then they will need to enter their old PW (if it was changed) to authenticate. Then, I would recommend they log out and back in with their new creds to update keychain.
Might want to take a look at NoMAD. It can help sync up a user's keychain... Just some thoughts....
-R
Posted on 03-20-2018 07:03 AM
@rqomsiya is correct. Assuming that your Macs can talk to Active Directory, then changing the password on one computer will change it in Active Directory, and assuming that all of the Macs can talk to AD, they should all be able to log in with the new password. The issue comes with macOS 10.13 not being able to change the FileVault password for Mobile accounts if it was changed on a different computer. So the login password will change, but the FileVault password will still be the old password.
Posted on 03-20-2018 08:38 AM
It's odd because I originally thought that too, but from experience, at least in this environment, the mobile profile doesn't update with the new password from AD. I'm doing some digging to see why, but that's where we are right now.
Posted on 03-20-2018 08:50 AM
You may want to look at using a Policy instead of a Profile for domain joining. I found that the AD Config Profile can be a bit flakey.
Posted on 03-20-2018 09:01 AM
That's probably what it is.