We're in the process of configuring multiple new M1 iMacs for deployment to our computer labs. Previously, we had successfully deployed plenty of Intel Macs, and they are all bound to Active Directory via configuration profile and have no trouble logging in with domain accounts.

On the new M1 iMacs, however, the AD bind appears to be successful, the settings appear correct on the Mac, and the object appears in ADUC, but no users are able to authenticate. It simply shakes and rejects the password. Interestingly, the domain controller logs show successful logins and do not report any failures. I have tried removing the configuration profile and binding the M1 iMac manually, and I get the same results.

We set our computers to create a mobile account at login without requiring confirmation, and we have packet signing and packet encryption both set to require, although I have also tried setting them to allow, which did not make any difference. We have the search policy set to all domains. Also, I do see the keychain entry for the computer account credentials.

I tried the following command, which did successfully locate my account in AD and add it to the list of users in system prefs, but it would not accept the password:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -a <LocalAdminAccount> -U <'LocalAdminPassword'> -n <DomainUserAccount>
dscacheutil -q user -a name <DomainUserAccount>
login <DomainUserAccount>
Anyone else come across anything like this?