• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

Macs not logging in if "user must change password at next login" is checked in their ad account

We use active directory and the macs at one of the schools seem to have an issue logging in if the user has "user must change password at next logon" checked off.  If I uncheck it they can login just fine but if they are required to change their password it does not login. Any idea what might be causing this?
0
Roccat
Asked:
Roccat
  • 6
  • 3
  • 2
3 Solutions
 
Tim LapinComputer Consultant (Desktop analyst)Commented:
Which versions of Mac OS  and AD are you running?  Have they been patched to most recent levels for their respective versions?

One option:  OWA
Do you have an exchange server with OWA (Outlook Web Access) enabled as well?  Is it set to use the domain password for mail?  If so, try having one one of the Mac users log in via OWA and change the password that way.  I have read some stuff that indicates it might work for you.

Other people use a product called Centrify.  I have no experience with it but I mention it in case it might help you.
0
 
jhyieslaCommented:
Are the Macs joined to the domain?
0
 
RoccatAuthor Commented:
The macs are joined to the domain. We have a few thousand. They all seem to work fine except this lab it seems.   We don't use outlook web access.  I have heard of centrify but we have not needed it in the past because things usually work fine.  I believe things are updated fully.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
RoccatAuthor Commented:
The macs in question are 10.9.5  The domain functional level is still at 2003.
0
 
jhyieslaCommented:
Have you compared the AD binding settings between one that works and one in the lab to see if there are any differences that might account for this behavior?
0
 
RoccatAuthor Commented:
Yeah. I have compared. Rebinded multiple times.  Settings look to be the same.
0
 
jhyieslaCommented:
Have you tried having one of those users log onto a Mac somewhere else; assuming they have rights to do so, or have you tried physically moving one of those Macs to another lab or building?  This would help rule out something in the network or the actual OS X install on one of the problem Macs.
0
 
RoccatAuthor Commented:
Yeah, i tried that user account on a mac on my desk and it works fine.  Just seems to be this lab.
0
 
Tim LapinComputer Consultant (Desktop analyst)Commented:
You mentioned that the macs in question are all Mavericks (10.9.5) machines.  Are the ones that are working fine also running Mavericks?

What happens if you swap two Macs (one from the problem lab and one from a working area)?  Does the problem follow the computer or stay within the lab?
0
 
RoccatAuthor Commented:
There are working mavericks machines .  I will try that when I have a chance to visit the site.
0
 
RoccatAuthor Commented:
Thanks!
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now