This worked for me. Hence I am sharing this with all the admins out there who are looking for a permanent solution to the never ending AD Password Sync Issue with FileVault.

Scenario 1 (Mac User who is aware of his/her old AD password) FV2 Enabled
Scenario 2 (Mac User who is not aware of his/her old AD password) FV2 Enabled

Scenario 1 (Mac User who is aware of his/her old AD password) FV2 Enabled

Step 1 - Check the Securetoken status of the AD Mobile Account:

sysadminctl -secureTokenStatus username_goes_here

If it's disabled, follow this article to enable the secure token. If by any chance you receive an "Operation not permitted" error while enabling the securetoken, simply go to System Preferences > Security & Privacy > unlock using admin credentials > select FileVault. You will notice the following alert: "Some users are not able to unlock the disk |Enable Users|". Click Enable Users. It will pass the securetoken to the AD mobile account successfully.

Step 2 - Once the Securetoken is enabled for the AD Mobile Account, execute the below commands:

sudo fdesetup list | grep $USER # where $USER is the name of the user who is out of sync

You will be prompted for the old password and the current password. If you receive any further errors, please post here and I will look into it and help you further.

Step 3 - Perform a restart and check whether the new password is updated and you are able to login.

Scenario 2 (Mac User who is not aware of his/her old AD password) FV2 Enabled

Step 4 - If the above 3 steps didn't fix the issue, please inform the user to drive back to the office and connect the Mac to the enterprise (LAN) network, through which it will communicate with the AD Domain Controllers & servers.

Step 5 - Launch Self Service & run the AD UnBind Policy to remove the Mac from the AD domain. FYR, the script is a one liner:

/usr/sbin/dsconfigad -remove -username "NotReal" -password "NotReal" -force

Step 6 - Scope the AD Bind policy and run it from Self Service. Note: add the following command under Files & Processes:

sleep 15 & sudo pkill loginwindow

The policy will first bind the Mac to AD and immediately log out. Please leave the MacBook connected to the LAN port at the login screen for 15-30 min depending on your DC geolocation and Mac location. The password sync will re-attempt and it should get updated at the backend.

Step 7 - Then check for any lockouts of the user's AD account and try logging in with the new password. It should definitely go through and the system will prompt with 2 options: Create New Keychain or Update Keychain Password. Select "Create New Keychain" and your login will succeed.

Step 8 - Once you have logged in, lock the Mac and try unlocking it using the new password.
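As an added example (not part of the original post), here is a small POSIX shell pre-flight check that puts Step 1 and Step 2 of Scenario 1 together: it reads the status text that sysadminctl -secureTokenStatus prints and the "username,UUID" lines that fdesetup list prints, and reports in one line whether the out-of-sync account has a secure token and a FileVault unlock entry. The function names, the sample sysadminctl line and the sample fdesetup list are constructed for this example; the real tools are only invoked when they exist on the machine, so the parsing functions can be exercised anywhere.

```sh
#!/bin/sh
# Added example: pre-flight check for an AD mobile account that is out of sync
# with FileVault. Helper names and sample data below are constructed, not from
# the original post or from Apple's tooling.

# Constructed sample of `fdesetup list` output (one "username,UUID" per line).
SAMPLE_FDE_LIST='admin,1A2B3C4D-0000-0000-0000-000000000001
bob,1A2B3C4D-0000-0000-0000-000000000002'

# Constructed sample of the line `sysadminctl -secureTokenStatus bob` writes
# (macOS writes it to stderr, with a timestamp and pid prefix).
SAMPLE_TOKEN_LINE='2024-01-01 10:00:00.000 sysadminctl[123:456] Secure token is ENABLED for user bob'

# Map the sysadminctl status text to a short word: enabled / disabled / unknown.
parse_secure_token_status() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# Return 0 when user "$2" has a FileVault unlock entry in the captured
# `fdesetup list` output "$1", 1 otherwise. The comma anchors the match so
# "bo" does not match "bob,...".
user_has_fv_unlock() {
    list="$1"
    user="$2"
    printf '%s\n' "$list" | grep -q "^${user},"
}

# Run both checks for a real user on the affected Mac. Exits 2 if the macOS
# tools are absent, 0 if the account looks healthy, 1 if something is missing.
check_user() {
    user="$1"
    if ! command -v sysadminctl >/dev/null 2>&1 || ! command -v fdesetup >/dev/null 2>&1; then
        echo "sysadminctl/fdesetup not found; run this on the affected Mac" >&2
        return 2
    fi
    token_out=$(sysadminctl -secureTokenStatus "$user" 2>&1)
    token=$(parse_secure_token_status "$token_out")
    fv_list=$(sudo fdesetup list)
    if user_has_fv_unlock "$fv_list" "$user"; then fv=yes; else fv=no; fi
    echo "user=$user secure_token=$token filevault_unlock=$fv"
    [ "$token" = "enabled" ] && [ "$fv" = "yes" ]
}

# Offline demonstration on the constructed samples (no macOS tools needed).
demo() {
    token=$(parse_secure_token_status "$SAMPLE_TOKEN_LINE")
    if user_has_fv_unlock "$SAMPLE_FDE_LIST" bob; then fv=yes; else fv=no; fi
    echo "user=bob secure_token=$token filevault_unlock=$fv"
}

# Usage: sh check_adsync.sh <username>   (or no argument for the offline demo)
if [ -n "${1:-}" ]; then
    check_user "$1"
else
    demo
fi
```

If secure_token comes back as disabled, that is the case the post sends to the "Enable Users" button in Security & Privacy; if it is enabled but filevault_unlock is no, the account has a token but no FileVault entry, which is the state the Step 2 commands are meant to repair.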