Does active directory lock when updating
Senior management doesn't really like it when I tell them this is a known Apple issue. Seems like I've had to say that a lot with High Sierra.

Did you verify you entered the user's UUID correctly? That error occurs when the UUID is not formatted properly.

We solve it by logging in with our support account and running the fdesetup command in Terminal to remove them, then add them back in.
sudo fdesetup remove -add

We've had success with the FDE commands but seem to have to wait a day to get them added back in. Will be trying @hkabik's solution today, I am sure, as more people are stopping by.
Apple Setup Done file from /var/db/ and creating a new "first" admin account that gets a secure token.
I also think that part of the issue is the Keychain app not working 100% right all of the time...
I did find a weird way around everything to get them synced again, but you have to have a working local account with a secure token that you can add to FileVault, remove the FV user having issues, and then re-add them back.
Sometimes the computer password would update, but every time the preboot password did not.
Our fix was to have the users open Terminal and

We've had several people come down where their username appears at the encryption login screen, but won't accept the password (new one or old one).

I've had 3 cases of mobile account users on High Sierra (10.13.3) changing their Active Directory password then finding the password doesn't get updated for FileVault. The updated password works in macOS once FileVault is unlocked by another user.