Jamf Nation Community

Some users have more than one Mac and or use a PC. So a lot of users will change their passwords on a PC or one of their macs but any other mac of theirs they have doesnt update so they have to go through the whole password change again on the secondary mac.

@TheBeastie :

Why do they have to go through the entire reset again on their second macs? They should just be able to connect to the network and login with their new AD creds.

If these Macs are FV2 enabled, then they will need to enter their old PW (if it was changed) to authenticate. Then, i would recommend they log out and back in with their new creds to update keychain.

Might want to take a look at NoMAD. It can help sync up a users keychain... Just some thoughts....

-R

@rqomsiya is correct. Assuming that your Macs can talk to Active Directory, then changing the password on one computer will change it in Active Directory and assuming that all of the Macs can talk to AD they should all be able to login with the new password. The issue comes with macOS 10.13 not being able to change the FileVault password for Mobile accounts if it was changed on a different computer. So the login password will change, but the FileVault password will still be the old password.

its odd because I original thought that too but from experience at least in this environment the mobile profile doesn't update with the new password from AD. I'm doing some digging to see why but that's where we are right now.

You may want to look at using a Policy instead of a Profile for domain joining. I found that the AD Config Profile can be a bit flakey.

That's probably what it is.