Macbooks on a corporate windows environment.

Joined
Dec 8, 2015
Messages
1
Reaction score
0
We are presently using Macbook Airs to Logon to a windows domain. The Macbooks are binded to the domain. We are a corporate environment, and require our users to change their password every 90 days. We run a RDS host server farm of 16 servers. We allow our salesmen and others in the company to use a web version of the RDS host when they are not at the corporate site. A majority of our Macbook users are salesmen. They are never at Corporate. They work from home. When they change their password remotely on the RDS host through the web. Obviously, The macbook doesn't update the Local Profile with their new password. They are left with them using the old password to sign on to their macbook for their domain account. This causes 2 issues:

1. They have 2 passwords now and when they login. The keychain will ask for a password. Also it will ask for a password for each entity that is in the keychain( Email password, RDS host password, and others). It will keep asking for these every single time they login to the laptop. This will becoming so annoying for the user they will contact the help desk and we will use the 1st aid utility to create a new keychain.

2. Which comes to problem # 2 - With the new keychain we would have to add the login server info for RDS( it is saved in the keychain and also their email information is also in the keychain. They would need to configure their email password as the password would not sync up with their present email password because they never locally sign in to our corporate network.

We have thought about removing the laptop completely from the domain, but the amounts of passwords that a user would need to use to sign in to DFS Active Directory protected Servers and Shares would be to aggravating on a daily basis to work with.

Please Help we just want these macbooks to work with our environment!!! Apple support is no help!!!
 

Cory Cooper

Moderator
Joined
May 19, 2004
Messages
11,098
Reaction score
500
Hello and welcome.

I have run across this issue before myself. Sometimes if you change the AD password using the System Preferences > User & Groups > Change Password... command, then restart the Mac. It will update AD with the new password at login and not give Keychain errors. Also, it is best in this scenario to be logged into the domain when you change the password this way, not offsite, at home, etc.

If a user changes their password, you can fix the Keychain password prompt by navigating to ~ > Library > Keychains and deleting the folder with a long name such as: 0004000-0000-0130-8050-001E4F753GK2 and then restarting. Also, you can use Keychain Access to change the password for the login keychain to match the new password.

There are other things that can cause this issue. We'll try to help you sort it out.

C
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top