# AD user cannot change AD password on AD bound Mac



## Gandalf123 (Jan 27, 2008)

Hi,

Last year we sucessfully bound several Mac Pros and iMac G5s to our Active Directory Domain. So the users log onto their Macs using their domain credentials.
They use the Accounts pref pane in System Preferences to change their AD password. So far this has worked for all these users until the other day when just one of these users is not able to change their AD password. When they attempt to change it they get an error saying something about not meeting password requirements etc etc. I asked the user to log onto another Mac bound to the AD and try changing their AD password from there but the same error occurs.
All other users that log onto their Macs with AD logins can change their AD passwords in the Accounts pref pane, no problem. 
I guess the fact that this user cannot change their password from 2 different Macs would suggest that the problem is with the AD account. I should also mention that this user is still able to log onto their Mac using the AD login and they are trying to change it because they are getting a prompt that their password will expire in 2 days time. Their login is definately valid as they log onto their MAC and also onto the fileserver authenticated by the AD fine.
It's just password changing that is not working.


----------



## Satcomer (Jan 27, 2008)

What OS X version are they running? Plus have you checked out the reports at MacWindows.com?


----------



## Gandalf123 (Feb 6, 2008)

All our OSX Macs that are bound to the AD are running either OSX 10.4.10 or 10.4.11.
I need to correct my original post to say that the change password problem only occurs from ONE particular Mac only.
Any user with an AD account can log into the Mac and log onto fileservers using their AD login but no user can change their AD password from the Accounts preference pane. Very strange.
I spoke to the domain administrator and he has looked through the log files on the AD controller and there are no entries logged when the change password request has been made but if the user goes onto another bound Mac, she can change her password and domain controller logs the request, handshake etc etc. Seems like the Mac is not even sending the change passwordrequest to the AD but obviously does communicate with it because the user is able to log onto the Mac and onto fileservers so authentification does appear to be working.
I think I've exhausted all areas to try and resolve or at least isolate the problem and the only thing I have left is to reimage the Mac. Perhaps I should have done this in the first place, would've been quicker !


----------

