Solved

Macs not logging in if "user must change password at next login" is checked in their ad account

Posted on 2016-09-26
11
69 Views
Last Modified: 2016-10-03
We use active directory and the macs at one of the schools seem to have an issue logging in if the user has "user must change password at next logon" checked off.  If I uncheck it they can login just fine but if they are required to change their password it does not login. Any idea what might be causing this?
0
Comment
Question by:Roccat
  • 6
  • 3
  • 2
11 Comments
 
LVL 8

Assisted Solution

by:Tim Lapin
Tim Lapin earned 250 total points
ID: 41816102
Which versions of Mac OS  and AD are you running?  Have they been patched to most recent levels for their respective versions?

One option:  OWA
Do you have an exchange server with OWA (Outlook Web Access) enabled as well?  Is it set to use the domain password for mail?  If so, try having one one of the Mac users log in via OWA and change the password that way.  I have read some stuff that indicates it might work for you.

Other people use a product called Centrify.  I have no experience with it but I mention it in case it might help you.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41816133
Are the Macs joined to the domain?
0
 

Author Comment

by:Roccat
ID: 41816152
The macs are joined to the domain. We have a few thousand. They all seem to work fine except this lab it seems.   We don't use outlook web access.  I have heard of centrify but we have not needed it in the past because things usually work fine.  I believe things are updated fully.
0
 

Author Comment

by:Roccat
ID: 41816156
The macs in question are 10.9.5  The domain functional level is still at 2003.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 41816190
Have you compared the AD binding settings between one that works and one in the lab to see if there are any differences that might account for this behavior?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:Roccat
ID: 41816195
Yeah. I have compared. Rebinded multiple times.  Settings look to be the same.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 250 total points
ID: 41823372
Have you tried having one of those users log onto a Mac somewhere else; assuming they have rights to do so, or have you tried physically moving one of those Macs to another lab or building?  This would help rule out something in the network or the actual OS X install on one of the problem Macs.
0
 

Author Comment

by:Roccat
ID: 41823383
Yeah, i tried that user account on a mac on my desk and it works fine.  Just seems to be this lab.
0
 
LVL 8

Accepted Solution

by:
Tim Lapin earned 250 total points
ID: 41823701
You mentioned that the macs in question are all Mavericks (10.9.5) machines.  Are the ones that are working fine also running Mavericks?

What happens if you swap two Macs (one from the problem lab and one from a working area)?  Does the problem follow the computer or stay within the lab?
0
 

Author Comment

by:Roccat
ID: 41826923
There are working mavericks machines .  I will try that when I have a chance to visit the site.
0
 

Author Closing Comment

by:Roccat
ID: 41826925
Thanks!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now