I've never had an issue with changing a Management Account password in JAMF Pro 9.
Since we've moved to version 10 (10.4.1 to be exact), ¾ of my Macs are continually failing the policy:
Policy > Management Account > Change Account Password.
The only error I get is "Error: The Managed Account Password could not be changed.".
Any ideas would be great on how to resolve this.
I get this error after I re-enroll a Mac with QuickAdd. It seems like it fails to create the management account, since the account is already present on the machine. This seems to break the password-sync so the policy can't update the management account password.
The only way I found around this was to first delete the management account using dscl and then re-enroll:
sudo dscl . -delete "/Users/managementAccountName"
(Replace managementAccountName with your account name).
Any help with getting this policy to update the management account password without re-enrolling the machine is much appreciated!
We managed to get the password sync with the management account working again. You need to change the management account password on the computer locally first, then you send a specific recon command to report the management account password back to the JSS. At this point the password is in sync but with your known password. Now the policy can run to set a random hidden password!
sudo dscl . passwd /Users/jamfmanage newpwd
sudo jamf recon -sshUsername jamfmanage -sshPassword newpwd
This is a bit hard to automate since you can't scope this to the computers that have failed the password change policy. It is possible though through the API with a lot of looping.