it looks like there's a bug/issue on 10.13 for macs that are bound to AD, when the users tries to changes their password, it seems to have changed it, but in reality it doesn't.
anyone else experiencing this issue?
Question
macOS High Sierra 10.13 issues with AD and password changes.
Has this been resolved (natively, without workarounds/Nomad/etc) in any recent High Sierra version? Current is 10.3.5 released on 1 Jun at time of writing.
+1No, has not been resolved. Still happens with the latest current version of High Sierra (10.13.6).
The weird this is the work-around I've found. If I bind to AD with Create Mobile Account OFF, I can successfully login to the AD account, then go into System Preferences -> Users & Groups -> user just created, I can click on the button that says "Create Mobile Account", bam sets it up as a Mobile User and works perfectly after that.
I don't understand. Luckily we setup new machines for people ahead of times and can do that.
+7@seann @kendalljjohnson We have the same problem. The admin accounts that we control via AD groups don't work. The fix is simple enough but a PITA: unbind AD via script, and then rebind it. Have you managed to automate this to trigger on everyone who's done an update to 10.13?
Thanks in advance.
+13For us at least using Config Profiles for the Directory Payload AD Bind and Mobility Payload to enable mobile accounts, the AD password updates but the preboot password is still the old password for a time.
After some time logged in (we haven't been able to narrow this down to a specific amount of time yet), the Preboot password will get updated and be the current password on subsequent reboots.
This has happened on 10.13.6.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.