We have a number of Mac workstations in our office all joined to Active Directory and managed through Profile Manager on an OS X Server. Through Active Directory we force our employees to update their passwords every 60-90 days.
We're finding that our employees will use one of our Mac workstations to test something, and then not use it again for months. By this time their Active Directory password may have changed 1 to 3 times. When they go to log onto the Mac workstation they were on months ago, they are bombarded with keychain prompts asking for their old password. By this point in time, the employee has no clue what their previous password was, and will request assistance deleting their existing login keychain on that system.
Is there any way to prevent this from happening? This isn't an issue for our employees who use the same Mac on a day-to-day basis because when they update their AD password, they are prompted to update their keychain password. But in a development environment, it is starting to become cumbersome.
We're finding that our employees will use one of our Mac workstations to test something, and then not use it again for months. By this time their Active Directory password may have changed 1 to 3 times. When they go to log onto the Mac workstation they were on months ago, they are bombarded with keychain prompts asking for their old password. By this point in time, the employee has no clue what their previous password was, and will request assistance deleting their existing login keychain on that system.
Is there any way to prevent this from happening? This isn't an issue for our employees who use the same Mac on a day-to-day basis because when they update their AD password, they are prompted to update their keychain password. But in a development environment, it is starting to become cumbersome.