I was told Apple finally fixed AD password syncing issues on macOS 10.14.4 several days ago, which I thought is great. (https://support.apple.com/en-us/HT209149#macos10144)
However I confirmed a new issue while using 10.14.4: If I change my AD password out of Mac, and use new password to login, normally it will require me to input old password to update keychain. This time, it did notice me about it, but no step to input the old password even I choose "Update Keychain Password", then it create a new keychain for me. As my company need cert to connect wifi, this is pretty annoying.
If anyone have same situation, you can try recovery your keychain by finding it in ~/Library/Keychains/XXXXXXX
Everything worked perfectly if I change password in mac, which IT department not recommend.
Appreciate a lot if anyone can offer Apple's explanation (links or mail reply) about it. A solution will even better.