Mac Keychain password issues

In our network we have some Mac machines that are joined to Active Directory.
When there is an Active Directory password change for a user, most of the time the login keychain password does not sync with the AD password, and Mac users will notice those pop-ups to enter their password each time.

I wonder if there is a way on a Mac to synchronize the login keychain password with the AD password.

I am not familiar with Macs, so I have read about different solutions, but have not seen one that talks about just synchronizing the login keychain with the AD password.

Any help will be very much appreciated.

Thank you
Asked by: jskfan

serialband Commented:
Have them start the Keychain Access.app in /Applications/Utilities/

Once Keychain Access has started, go to Edit --> Change Password for Keychain Login.

It will prompt for the old password and the new password.  The user should enter the old password and whatever new password your admin has set the account to.
 
strung Commented:
There are several solutions suggested here:

https://groups.google.com/forum/#!topic/macenterprise/b2xZttuVkPk

including user education, a terminal command to ensure users are reminded to sync their keychain and a third party application called Keychain Minder Tools.
 
serialband Commented:
Generally, if you change your account password from the Mac, it will also update the Keychain.  Mac users should just make password changes on their Macs.  Don't ever have them change it on another system.
 
jskfan (Author) Commented:
<<Generally, if you change your account password from the Mac>>

When the password expires in AD, Mac users will call the administrator, who will change it for them in AD. Then Mac users will be able to log in, but they will keep getting pop-ups to enter the password for each application they launch. It means something is out of sync somewhere.
 
serialband Commented:
Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password.

There's an ugly work-around for this, and that's to get them off wired Ethernet.  Mac wireless connections are disabled until you log in.  They'll be able to use their old password to log into their Mac until they change it and force the cache to update, which will then also update the keychain password.  While they'll still be able to log in with the old password, the new password is needed to connect to file shares and other services.
 
jskfan (Author) Commented:
<<<Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password>>>.


How do they change the keychain password after the administrator has changed the AD password for them and communicated it to them?
 
jskfan (Author) Commented:
Thank you
Question has a verified solution.