![]() A sync can only occur after unlocking the Mac and getting into the account. So a sync of the account password will NEVER happen at that screen, period. ![]() Even if you plug it into a wired connection. One of the big issues you run into here is that when a Mac is sitting at that FV2 login screen, there is no network connectivity. And 100% of the time when using a local account. I also recommend to users that they change their password using the SSO plug-in, because as noted, if a password is changed in AD or on a Windows machine, etc., most times FileVault will not get the password sync, even in cases when using an AD account on the Mac. I've begun to fully move away from this over the last year and go with local accounts that match the AD username and deploy a profile to enable the Apple SSO plug-in for them to keep their password in sync. Indeed, using AD cached mobile accounts on Macs is asking for trouble these days. Probably someone in your Active Directory team changing stuff without testing it on macOS. May want to check your environment, I very highly doubt anything changed on the Macs in the past few days to cause this issue. We also have to use mobile accounts which I am trying to get away from due to this reason among others. Apple REALLY does not want people using mobile accounts, and it feels actively makes it as poor of an experience as possible without breaking it all together. Rebuilding the profile is the only fix as you cannot log in to the account, nor reset the password using recovery since its mobile and not local. In our experiences if you reset a password on a different device (or the domain controller itself) the Mac has a random chance of desyncing the password and basically locking the user out of the mobile account. I have noticed if you change your PW in any location other than the Mac in question the FileVault password does not update. If you have your FileVault keys escrowed in JAMF you can just get one of those to get passed FileVault.
0 Comments
Leave a Reply. |