Issues with Active Directory and Mobile Account not syncing.

A couple of my remote macOS users with AD accounts are unable to sync their FileVault and AD creds. Typically we have users log into the VPN and then change passwords locally in System Preferences. In a couple of cases I have users who can’t seem to authenticate to the domain from their login screens. We have another local account on all our machines that is just a non-admin VPN access account. The current workaround is to log in there, get on the VPN and switch user (which takes their AD creds). This is a temporary fix and reboots prompt the issue to return. I’ve checked and they both have Secure Token enabled. Is there a good fix for this? One of my co-workers suggested I rebind the machines to our domain but I’d like to avoid that. Happens with Catalina and Big Sur.

MacBook

Posted on May 17, 2021 11:03 AM

May 17, 2021 12:05 PM in response to switchfly

FileVault credentials can be managed by JAMF. You may want to research into that.


As for the Active Directory rebinding issues, a lot has to do with the VPN software used and the domain controller's connection and your OUs.


I have experience in my work using Cisco AnyConnect with RSA SecurID. Even so, binding can get messed up. It can be especially a problem with administrative mobile accounts, and non-unique Active Directory computer names. Be sure the machine has a unique name before binding it.



May 17, 2021 12:12 PM in response to a brody

Thanks for your response.


So I'm confident the AD object name is unique.


I do have JAMF so I will for sure look into that option.


I am fairly sure the users were on the VPN (GlobalProtect) during the password change but I can't say for sure. Had some suggest using the fdesetup command via Terminal but I've been holding out for an easier fix. Can't kick the can down the road much longer though :-(


