Our users are AD bound, mobile accounts and we are having trouble with password resets.
When selecting "User must change password at next login" in AD the users get prompted to change when logging in but of course this does not update the keychain.
Unless the user goes in and enters the new password in each and every keychain entry it will continue to try to authenticate with the old credentials and eventually lock the users account.
What options are available (preferably without noMAD or converting to local accounts) to reset password cleanly and simply?
