Question

macOS 10.14.4 with AD: Keychain lost after updating password outside of the Mac

  • May 9, 2019
  • 23 replies
  • 99 views

Hi everyone,

I was told Apple finally fixed AD password syncing issues on macOS 10.14.4 several days ago, which I thought was great. (https://support.apple.com/en-us/HT209149#macos10144)

However, I confirmed a new issue while using 10.14.4: If I change my AD password outside of the Mac and use the new password to log in, normally it will require me to input the old password to update the keychain. This time, it did notify me about it, but there was no step to input the old password even when I chose "Update Keychain Password"; it then created a new keychain for me. As my company needs a cert to connect to Wi-Fi, this is pretty annoying.

If anyone has the same situation, you can try recovering your keychain by finding it in ~/Library/Keychains/XXXXXXX

Everything worked perfectly if I changed the password on the Mac, which the IT department does not recommend.

I would appreciate it a lot if anyone can offer Apple's explanation (links or mail reply) about it. A solution would be even better.

23 replies

  • Valued Contributor
  • May 9, 2019

Interesting, as I have tested almost every single 10.14.4 password situation except for this one. I don't think I ever actually clicked "Update" to see if it worked.

I will test this out tomorrow.

You can take a look at all my testing on the Active Directory and local accounts fixes in 10.14.4:

https://mrmacintosh.com/category/local-accounts/
https://mrmacintosh.com/category/ad-mobile-accounts/


  • Honored Contributor
  • May 9, 2019

Apple has confirmed that this is a known issue / bug / defect of 10.14.4. I'd suggest raising an Enterprise ticket with Apple and adding your +1 to this defect. So far I have no bug ID, but you can add your case to ours: 20000049607662


  • Valued Contributor
  • May 10, 2019

@hawkzhang45 & @m.entholzner

Thanks for posting this, I have investigated and have also confirmed the issue. I wrote about it and posted a workaround for restoring the old login keychain.

https://mrmacintosh.com/10-14-4-update-breaks-update-keychain-password/

I also included an open radar.


  • New Contributor
  • May 10, 2019

@hawkzhang45 & @m.entholzner & @ClassicII

What I have never understood about this whole process is the need to have an end user enter their old Active Directory created keychain password to change to their new Active Directory created keychain password, and not lose any of their keychain data. As someone who works in a Helpdesk capacity, I must assist users in changing their forgotten passwords. The need for an end user to know and enter their old password defeats the purpose of helping an end user change to a new password if they cannot remember their old password, which was the reason that they called the Helpdesk for help in the first place.


lol, I have met the same problem, hoping somebody can help!!!


  • Valued Contributor
  • May 15, 2019

This is still busted in 10.14.5

@m.entholzner

Any word from your ticket?


  • Honored Contributor
  • May 16, 2019

@ClassicII, Apple told me that they don't disclose internal bug IDs... but as this is a known issue, you should be able to just set your +1 on this issue. But they also confirmed that this is not fixed in 10.14.5 - let's hope for 10.14.6...


  • Author
  • New Contributor
  • May 16, 2019

Working on it


  • Valued Contributor
  • May 17, 2019

Not seeing any movement on the bug report so I filed an Enterprise Support Ticket this morning.


  • Valued Contributor
  • May 17, 2019

@hawkzhang45

Just saw your post now, awesome work on the script! Let me test it out and see if it works.


  • Contributor
  • May 21, 2019

We also opened an Enterprise Support Ticket today to request that Apple include the fix in the macOS 10.14.6 beta.


  • Valued Contributor
  • July 4, 2019

Heads up,

This fix is not looking good for making it into 10.14.

The latest word is it's fixed in 10.15 beta 2.

If this is important to your organization you better talk with Apple now.

@m.entholzner @takayuki @hawkzhang45


  • Contributor
  • July 7, 2019

Thanks for your heads-up, @ClassicII.

We also contacted Apple Enterprise Support to request to bring this fix to macOS 10.14.6.


  • New Contributor
  • July 8, 2019

I've also opened an Enterprise support case regarding this issue with hopes they'll resolve it in 10.14.6.


  • Contributor
  • July 8, 2019

I can confirm that the keychain password is updated properly in the latest 10.15 beta. Waiting for a response from Apple about making the fix available to 10.14.6.


  • Honored Contributor
  • July 9, 2019

Same for us... we've also requested this to be fixed in 10.14.6.


  • Valued Contributor
  • July 24, 2019

Has anyone had a chance to test 10.14.6 yet? Did Apple fix it? We have a ticket open with Apple support but they have yet to answer the question on 10.14.6...


  • Honored Contributor
  • July 25, 2019

There was no fix included in the latest beta - maybe this changed in the release version, but I fear this is still not fixed :(


  • Valued Contributor
  • July 25, 2019

I am always amazed how long it takes Apple to fix something. This makes the enterprise support quite a bad deal :(


  • New Contributor
  • September 5, 2019

Hi All,

Has there been any more movement on this topic?

We have been testing the latest Jamf Connect Verify KeychainItems key with the latest 10.15 beta but don't seem to be having any luck with updating specified keychain items.


  • Contributor
  • September 6, 2019

We've had an enterprise support ticket open on this issue ever since it was discovered. It's been fixed in the Catalina betas, but we've been told that it won't be backported to Mojave. Unfortunate.

Luckily, @ClassicII's instructions for restoring the original Keychain work like a charm. It's too bad that it's just a little labor intensive.


  • Valued Contributor
  • June 4, 2020

Super frustrated by this - which would seem to be a fairly straightforward fix, esp. on managed devices. Apple's now releasing security updates for Mojave that REMOVE FEATURES (e.g. the --ignore option) and ADD FEATURES (ability to understand MDM profile "Major Update" deferral) and are large enough to practically be a complete OS installation, but it does not bother to implement what likely is a trivial bug fix, thereby offloading an extensive effort onto macOS support teams. I shouldn't have to update my users to Catalina - which is its own bag of hurt for many kinds of user-facing prompts for permissions and access that cannot be managed - to resolve this bug. Apple ought to patch it in Security Update 2020-004 for macOS Mojave.

Open tickets with Apple Enterprise support. Make your voices heard.


  • Valued Contributor
  • July 17, 2020

And not even fixed in 2020-004 :(