FileVault 2 / Network Account High Sierra

New Contributor III

Hello,

I'm looking for a solution to sync the FileVault 2 password with AD user accounts.

Actually, all my MBAs have AD user accounts installed.

My issue is that when the users change their password (every 30 days), it's not changed for FileVault.

Sometimes a user has not connected to this Mac for 30-40 days, and when he is back, he doesn't know the old password for FileVault, and we have to delete the keychain / reset and can't use the new password entered during the reset. We have to open the local admin account just to unlock FileVault.

We have this issue only with High Sierra. I've tried to add manually with the CLI "fdesetup", but same issue.

If someone has a solution for this.


Contributor II

You should look into using NoMAD, the free AD Password synch tool. Not a sales pitch here, but we use it because it synchs the local and AD password, so when a customer changes their network password, their local password (FileVault) changes. It can be configured to synch the password if it's out of synch from the start.

There also is a tool from Apple called Enterprise Connect. Does the same thing that NoMAD does. It's not free, however.

Hope that helps.

Esteemed Contributor II

Mobile account passwords are sync'd to FileVault 2 on graceful logout after