Solved

Macs not logging in if "user must change password at next login" is checked in their ad account

Posted on 2016-09-26
11
108 Views
Last Modified: 2016-10-03
We use active directory and the macs at one of the schools seem to have an issue logging in if the user has "user must change password at next logon" checked off.  If I uncheck it they can login just fine but if they are required to change their password it does not login. Any idea what might be causing this?
0
Comment
Question by:Roccat
  • 6
  • 3
  • 2
11 Comments
 
LVL 9

Assisted Solution

by:Tim Lapin
Tim Lapin earned 250 total points
ID: 41816102
Which versions of Mac OS  and AD are you running?  Have they been patched to most recent levels for their respective versions?

One option:  OWA
Do you have an exchange server with OWA (Outlook Web Access) enabled as well?  Is it set to use the domain password for mail?  If so, try having one one of the Mac users log in via OWA and change the password that way.  I have read some stuff that indicates it might work for you.

Other people use a product called Centrify.  I have no experience with it but I mention it in case it might help you.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41816133
Are the Macs joined to the domain?
0
 

Author Comment

by:Roccat
ID: 41816152
The macs are joined to the domain. We have a few thousand. They all seem to work fine except this lab it seems.   We don't use outlook web access.  I have heard of centrify but we have not needed it in the past because things usually work fine.  I believe things are updated fully.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:Roccat
ID: 41816156
The macs in question are 10.9.5  The domain functional level is still at 2003.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41816190
Have you compared the AD binding settings between one that works and one in the lab to see if there are any differences that might account for this behavior?
0
 

Author Comment

by:Roccat
ID: 41816195
Yeah. I have compared. Rebinded multiple times.  Settings look to be the same.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 250 total points
ID: 41823372
Have you tried having one of those users log onto a Mac somewhere else; assuming they have rights to do so, or have you tried physically moving one of those Macs to another lab or building?  This would help rule out something in the network or the actual OS X install on one of the problem Macs.
0
 

Author Comment

by:Roccat
ID: 41823383
Yeah, i tried that user account on a mac on my desk and it works fine.  Just seems to be this lab.
0
 
LVL 9

Accepted Solution

by:
Tim Lapin earned 250 total points
ID: 41823701
You mentioned that the macs in question are all Mavericks (10.9.5) machines.  Are the ones that are working fine also running Mavericks?

What happens if you swap two Macs (one from the problem lab and one from a working area)?  Does the problem follow the computer or stay within the lab?
0
 

Author Comment

by:Roccat
ID: 41826923
There are working mavericks machines .  I will try that when I have a chance to visit the site.
0
 

Author Closing Comment

by:Roccat
ID: 41826925
Thanks!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question