Reset Mobile Account, Keychain and AD passwords in one action

djrory
Contributor

Our users are AD bound, mobile accounts and we are having trouble with password resets.

When selecting "User must change password at next login" in AD the users get prompted to change when logging in but of course this does not update the keychain. Unless the user goes in and enters the new password in each and every keychain entry it will continue to try to authenticate with the old credentials and eventually lock the users account.

What options are available (preferably without noMAD or converting to local accounts) to reset password cleanly and simply?

1 REPLY 1

a_stonham
Contributor II

Apple SSO module is available in 10.15 and later.
https://www.apple.com/business/docs/site/Kerberos_Single_Sign_on_Extension_User_Guide.pdf

NoMAD is still a good option.