Network Password change wont work

Andixon
New Contributor II

Hi,

I have the problem that for some time now password changes for the mobile account have not been working properly. The passwords are changed via the Active Directory and the password is also synced to the devices, but it is not changed completely. Instead of one password prompts upon login there are now two. The first one which accepts the old password and the a second one which accepts the new password. It seems that the first password unlocks the hardware and the second one the account. Before it was all done by the same password. Also I should mention that if I change the network password again, it will only affect the second password (that was the new one in the first place, the old password always stays.

Anyone have any experience with this?

Thanks for the help!

8 REPLIES 8

Wildy671
New Contributor II

Hey,

Yes we have that issue here as well - how do your passwords sync back to Active Directory? Are you using a VPN connection or are the users wired into a network which talks to AD?

Andixon
New Contributor II

I have no idea on how the passwords sync back to the AD, I didnt even think that was necessary. I just took over from me predecessor, who did not really explain that much. How can I find this out?

 

Also it is a mix of VPN and wired Users, but the issue persist over both methods.

Wildy671
New Contributor II

In our case, our Active Directory is on-premise and our network relies on a VPN connection to talk back to AD as everyone is working from home still. If this VPN connection breaks during the change or sync back to Active Directory we notice the two password issue.

We have a few fixes, but it would be good to find out how your connection is established first. On a Mac when you open System Preferences, Users & Groups and then click Login Options does it show a Network Account Server connected here?

Andixon
New Contributor II

This should not be the case because employees are to only change their password, when they are on premise, so an interruption of the VPN connection should not be the issue. 

 

Yes, it does show a Network Account Server connected.

Wildy671
New Contributor II

Okay and the passwords, are they changed on the macOS devices through System Preferences? 

It would be good to establish whether the devices are talking to this server - normally we open Terminal and run a ping to the server address to see what response is given.

Andixon
New Contributor II

No, the passwords are change via a web service that interacts with the AD. Our organisation is a bit bigger, so this is the only way to change the password. Changing the password via System Preferences is disabled.

Wildy671
New Contributor II

Hmm okay, sorry to say I might be out of ideas here. 

It could still be the connection between AD and the end user, although the password change goes through maybe the connection does not stay stable enough to sync back to the device. The issue with passwords syncs is one I hate - the main reason we're looking at jamf Connect.

Sorry I couldn't help anymore!

Andixon
New Contributor II

Thanks for trying anyways. I still have an Apple Support Ticket open regarding this issue. If a solution comes up there I will post it here.