Filevault - expertise needed

Did you checked the box of my password doesn't work when logging in and click on next and see what are the upcoming steps .

And also firmware password should not be enabled in your Mac ( in case if is used it should be disabled ) also when Apple ID is signed in , the latest changes are it will ask for security questions and answers on appleid.apple.com correct answers are to be filled up then the user can login .

In your question you wrote - Authentication server refused operation because the current credentials are not authorized for the requested operation .

See the steps in the article about account recovery .

Recover your Apple ID with two-factor authentication account recovery - Apple Support

See this article Change or reset the password of a macOS user account - Apple Support

You must follow the paragraph -

Reset using the Reset Password assistant (FileVault must be on)

if it doesn't work multiple method are there to reset password .

Also sometimes login keychain is deleted from keychain access , the last paragraph is giving the method to create new login keychain . And do you use iCloud Keychain .

You need file vault key to unlock the HD if in any case this is not in records you have to take Mac to apple authorised service centre with the original invoice and you can read this article also Use FileVault to encrypt the startup disk on your Mac - Apple Support

Your original post says that the user changed their password for AD. Just to clarify, is the user’s Mac bound to a server? Would their personal data be stored only on their Mac or would it be stored on the server?

That’s unfortunate. If another user doesn’t exist on the MacBook then the only way to get around FileVault is to erase your startup disk and lose all of your data.

That being said, if the MacBook is AD bound and the user changed their password for AD, I’d assume that the data is actually stored on the AD server and the MacBook merely displays it on the desktop so that it can be viewed, edited or deleted remotely. The system itself is certainly encrypted, but I doubt if any personal files are really on there.

Does more than one user show up at the FileVault login window (other than the guest account)? If so, are any of these other users administrators?

I’m surprised that Password Reset Assistant refuses to let you reset your password even though you have the correct Apple ID. Maybe your AD administrator has to reset the password for you in order for it to be accepted.

Regardless, does FileVault offer an “Other” button that allows you to log in as the administrator? Or are you only able to log in as the one user?

If you’re only able to log in as the one user, unfortunately your only option now is to erase your Mac and to reinstall macOS in order to get around FileVault.

If you are able to log in as the administrator at the FileVault login screen, you can resync the user’s password with FileVault by disabling FileVault, then turning it back on again.

Without knowing the Filevault password you can not access your hard disk. It's encrypted. You've no way to unlock it.