Setting up a new MBP (Mojave) for a user to replace their iMac. The Mac is bound to our Active Directory, and a test AD account can log in and create a mobile user without issue. The user who already has a Mac (managed, mobile account) cannot log in using AD credentials. The user has never logged into the new MBP and can still log in to the iMac with AD credentials.
Things I have tried:
- Unbind/Re-Bind to AD
- Checked domain controller, no login attempt registered unless using incorrect password. The MBP computer object does authenticate with the DC and other user logins do too.
- id <ad username> resolves properly, showing the user.
- Checked system.log, but nothing stands out. Searching for the username returns nothing.
Any ideas?
Best Answer
Still not exactly sure what caused this, but here is what I did and it worked.
On the old iMac:
In Active Directory:
Now I am able to log in to the MBP with the AD network account to create the mobile account. Hopefully this helps someone else if they come across this. At first glance this just sounds like an incorrect password, but using the right password would not add to the badPwdCount in AD, and using an incorrect one on purpose would. Also, the original iMac and a Windows machine were able to log in to the mobile account using the correct password.
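The check both the question (no logon attempt registered on the DC unless the password was wrong) and the answer (a correct password does not bump badPwdCount) rely on is easy to get wrong because badPwdCount, badPasswordTime and lastLogon are not replicated between domain controllers: if you query only one DC, you may be looking at a DC the Mac never talked to. The script below is an added example, not code from the original post, that reads those attributes from every DC in the domain so the before/after comparison is reliable. It assumes the ActiveDirectory RSAT module is installed on the machine running it, that the account running it can read the user object, and the user name is a placeholder you supply.

```powershell
# Added example (not from the original post): read the non-replicated
# bad-password attributes of one user from every domain controller.
# Assumes the ActiveDirectory module (RSAT) is available and the caller
# can read user objects. $SamAccountName is a placeholder argument.
param(
    [Parameter(Mandatory = $true)]
    [string]$SamAccountName
)

Import-Module ActiveDirectory

# Convert the Windows FILETIME integers AD stores into readable timestamps.
# A value of 0 means "never", which FromFileTime would render as 1601-01-01.
function Convert-FileTime {
    param([Int64]$Value)
    if ($Value -and $Value -ne 0) { return [DateTime]::FromFileTime($Value) }
    return $null
}

# badPwdCount, badPasswordTime and lastLogon live only on the DC that
# processed the attempt (bad attempts are also forwarded to the PDC emulator),
# so every DC must be asked individually. lockoutTime does replicate.
$dcs = Get-ADDomainController -Filter * | Sort-Object HostName

$results = foreach ($dc in $dcs) {
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
             -Properties badPwdCount, badPasswordTime, lastLogon, lockoutTime

        [pscustomobject]@{
            DC              = $dc.HostName
            BadPwdCount     = $u.badPwdCount
            BadPasswordTime = Convert-FileTime $u.badPasswordTime
            LastLogon       = Convert-FileTime $u.lastLogon
            LockedOut       = ($u.lockoutTime -ne $null -and $u.lockoutTime -ne 0)
        }
    } catch {
        # An unreachable DC must be visible in the output rather than skipped,
        # otherwise the comparison silently becomes incomplete.
        [pscustomobject]@{
            DC              = $dc.HostName
            BadPwdCount     = 'ERR'
            BadPasswordTime = $_.Exception.Message
            LastLogon       = $null
            LockedOut       = $null
        }
    }
}

$results | Format-Table -AutoSize
```

Run it once, attempt the logon from the Mac with the correct password, run it again, then repeat with a deliberately wrong password. If the correct attempt changes nothing on any DC while the wrong one raises BadPwdCount and updates BadPasswordTime, the Mac is reaching a DC and the password is being accepted, so the failure is on the macOS side of the mobile-account creation rather than in authentication. A LastLogon update on some DC with no BadPwdCount change is the same signal from the other direction.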