Macs not logging in if "user must change password at next login" is checked in their AD account

We use Active Directory and the Macs at one of the schools seem to have an issue logging in if the user has "user must change password at next logon" checked off. If I uncheck it they can log in just fine, but if they are required to change their password it does not log in. Any idea what might be causing this?
Roccat Asked:
 
Tim Lapin, Computer Consultant (Desktop analyst), Commented:
You mentioned that the Macs in question are all Mavericks (10.9.5) machines. Are the ones that are working fine also running Mavericks?

What happens if you swap two Macs (one from the problem lab and one from a working area)?  Does the problem follow the computer or stay within the lab?
 
Tim Lapin, Computer Consultant (Desktop analyst), Commented:
Which versions of Mac OS and AD are you running? Have they been patched to the most recent levels for their respective versions?

One option: OWA
Do you have an Exchange server with OWA (Outlook Web Access) enabled as well? Is it set to use the domain password for mail? If so, try having one of the Mac users log in via OWA and change the password that way. I have read some stuff that indicates it might work for you.

Other people use a product called Centrify.  I have no experience with it but I mention it in case it might help you.
 
jhyiesla Commented:
Are the Macs joined to the domain?
 
Roccat (Author) Commented:
The Macs are joined to the domain. We have a few thousand. They all seem to work fine except this lab, it seems. We don't use Outlook Web Access. I have heard of Centrify but we have not needed it in the past because things usually work fine. I believe things are updated fully.
 
Roccat (Author) Commented:
The Macs in question are 10.9.5. The domain functional level is still at 2003.
 
jhyiesla Commented:
Have you compared the AD binding settings between one that works and one in the lab to see if there are any differences that might account for this behavior?
 
Roccat (Author) Commented:
Yeah. I have compared. Rebound multiple times. Settings look to be the same.
 
jhyiesla Commented:
Have you tried having one of those users log onto a Mac somewhere else, assuming they have rights to do so, or have you tried physically moving one of those Macs to another lab or building? This would help rule out something in the network or the actual OS X install on one of the problem Macs.
 
Roccat (Author) Commented:
Yeah, I tried that user account on a Mac on my desk and it works fine. Just seems to be this lab.
 
Roccat (Author) Commented:
There are working Mavericks machines. I will try that when I have a chance to visit the site.
 
Roccat (Author) Commented:
Thanks!
Question has a verified solution.