MacOS Filevault not syncing with Active Directory creds

A couple of my remote macOS users with AD accounts are unable to sync their FileVault and AD creds (machines are bound to AD). Typically we have users log into the VPN and then change passwords locally in System Preferences. In a couple of cases I have users who can’t seem to authenticate to the domain from their login screens. We have another local account on all our machines that is just a non-admin VPN access account. The current workaround is to log in there, get on the VPN and switch user (which takes their AD creds). This is a temporary fix and reboots prompt the issue to return. I’ve checked and they both have Secure Token enabled. Is there a good fix for this? One of my co-workers suggested I rebind the machines to our domain but I’d like to avoid that. Both are on Catalina. We are still vetting Big Sur.


I know this is related to FileVault. Is there a non-messy way to fix this? Everyone is remote right now.

MacBook Pro 15″, macOS 10.14

Posted on Apr 7, 2021 8:44 AM


1 reply

Apr 7, 2021 9:08 AM in response to switchfly

You are going to have to clarify to users which login screen you are talking about. The initial boot screen when FileVault is enabled is entirely separate from the rest of the system. Users may not realize that.


When dealing with enterprise issues, everything is always harder. You are asking this question in the general Catalina forum of Apple Support Communities, which is aimed only at end users. For these enterprise problems, the normal route would be that your company IT staff would contact the support staff for my MDM provider, who would then escalate to their Apple reps, if necessary.


If you are trying to bypass all of that and do it on your own, then god help you. You may be able to find out more by using the "fdesetup" tool in Terminal. Normally, changing your password should also update the FileVault boot tokens. You should be able to use fdesetup to confirm that this process is or is not happening correctly.


It sounds like the easiest solution would be one of those VPN devices that brings the enterprise network right to the user. Otherwise, your workaround sounds like the only way to actually do it.
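The reply suggests using fdesetup to confirm whether the FileVault side of the account is in order. The following script is an added example (not from the reply's author or from Apple) that checks the two things an admin would confirm first for an AD mobile account: whether the user appears in the FileVault preboot user list (`fdesetup list`) and whether the user holds a Secure Token (`sysadminctl -secureTokenStatus`). The parsers take captured tool output as arguments so they can be exercised offline; the sample outputs, the user names and `run_live` are assumptions for the demo.

```shell
#!/bin/sh
# Diagnose why an AD mobile account may be missing from, or stale in, FileVault.
# Parsers read captured tool output so the logic runs without a Mac;
# run_live() calls the real tools on the machine itself (needs admin rights).

# `fdesetup list` prints one "username,UUID" line per FileVault-enabled user.
fv_has_user() {            # $1 = username, $2 = captured `fdesetup list` output
    printf '%s\n' "$2" | awk -F, -v u="$1" '$1 == u { f = 1 } END { exit !f }'
}

# `sysadminctl -secureTokenStatus <user>` reports (on stderr) a line ending in
#   "Secure token is ENABLED for user <name>"  or  "... is DISABLED for user <name>"
has_secure_token() {       # $1 = captured sysadminctl output (stdout+stderr)
    printf '%s\n' "$1" | grep -q 'Secure token is ENABLED'
}

# Classify the account as: ok | no-secure-token | not-in-filevault
classify() {               # $1 = username, $2 = fdesetup output, $3 = sysadminctl output
    if ! has_secure_token "$3"; then
        # Without a token the user cannot be added to FileVault; an existing
        # token holder must grant one first (sysadminctl -secureTokenOn).
        echo no-secure-token
    elif ! fv_has_user "$1" "$2"; then
        # Token present but no preboot entry: the user must be added with
        # `fdesetup add -usertoadd <user>` before the preboot screen accepts them.
        echo not-in-filevault
    else
        # Listed and tokened. A password changed away from the Mac can still leave
        # the preboot credential stale; fdesetup cannot show that from the list alone.
        echo ok
    fi
}

run_live() {               # $1 = username; run on the Mac, e.g. run_live jdoe
    classify "$1" "$(sudo fdesetup list)" "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Constructed sample output (not captured from a real machine) for the offline demo.
SAMPLE_FV='localadmin,A1B2C3D4-0000-0000-0000-000000000001
vpnuser,A1B2C3D4-0000-0000-0000-000000000002'
SAMPLE_TOKEN_ON='2021-04-07 09:08:00.000 sysadminctl[123:456] Secure token is ENABLED for user jdoe'
SAMPLE_TOKEN_OFF='2021-04-07 09:08:00.000 sysadminctl[123:456] Secure token is DISABLED for user jdoe'

classify jdoe "$SAMPLE_FV" "$SAMPLE_TOKEN_ON"     # prints: not-in-filevault
classify jdoe "$SAMPLE_FV" "$SAMPLE_TOKEN_OFF"    # prints: no-secure-token
```

On a real machine, a user that comes back `ok` but still cannot unlock at the preboot screen is the stale-password case the original post describes; the remaining check is a password sync while on the VPN, then re-adding the user to FileVault.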
