Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

macOS 10.14.4 working with AD: Keychain lost after updating password outside of the Mac

Hi everyone,

I was told Apple finally fixed AD password syncing issues on macOS 10.14.4 several days ago, which I thought was great. (https://support.apple.com/en-us/HT209149#macos10144)

However, I confirmed a new issue while using 10.14.4: if I change my AD password outside of the Mac and use the new password to log in, normally it will require me to input the old password to update the keychain. This time, it did notify me about it, but there was no step to input the old password even when I chose "Update Keychain Password"; it then created a new keychain for me. As my company needs a cert to connect to Wi-Fi, this is pretty annoying.

If anyone has the same situation, you can try recovering your keychain by finding it in ~/Library/Keychains/XXXXXXX

Everything worked perfectly if I change the password on the Mac, which the IT department does not recommend.

I would appreciate it a lot if anyone can offer Apple's explanation (links or mail reply) about it. A solution would be even better.

SOLVED Posted: by ClassicII

Interesting, as I have tested almost every single 10.14.4 password situation except for this one. I don't think I ever actually clicked "Update" to see if it worked.

I will test this out tomorrow.

You can take a look at all my testing on the Active Directory and local accounts fixes in 10.14.4:

https://mrmacintosh.com/category/local-accounts/
https://mrmacintosh.com/category/ad-mobile-accounts/

SOLVED Posted: by m.entholzner

Apple has confirmed that this is a known issue / bug / defect of 10.14.4. I'd suggest raising an Enterprise ticket with Apple and adding your +1 to this defect. So far I have no bug ID, but you can add your case to ours: 20000049607662

SOLVED Posted: by ClassicII

@hawkzhang45 & @m.entholzner

Thanks for posting this, I have investigated and have also confirmed the issue. I wrote about it and posted a workaround for restoring the old login keychain.

https://mrmacintosh.com/10-14-4-update-breaks-update-keychain-password/

I also included an open radar.

SOLVED Posted: by ddixon

@hawkzhang45 & @m.entholzner & @ClassicII

What I have never understood about this whole process is the need to have an end user enter their old Active Directory created keychain password to change to their new Active Directory created keychain password, and not lose any of their keychain data. As someone that works in a place in a Helpdesk capacity, I must assist users in changing their forgotten passwords. The need for an end user to know and enter their old password defeats the purpose of helping an end user change to a new password if they cannot remember their old password, which was the reason that they called the Helpdesk for help in the first place.

SOLVED Posted: by unlimitedbalde

lol, I have met the same problem, hoping somebody can help!!!

SOLVED Posted: by ClassicII

This is still busted in 10.14.5

@m.entholzner

Any word from your ticket?

SOLVED Posted: by m.entholzner

@ClassicII, Apple told me that they don't disclose internal bug IDs... but as this is a known issue, you should be able to just set your +1 on this issue. But they also confirmed that this is not fixed in 10.14.5 - let's hope for 10.14.6...

SOLVED Posted: by hawkzhang45

Working on it

SOLVED Posted: by ClassicII

Not seeing any movement on the bug report so I filed an Enterprise Support Ticket this morning.

SOLVED Posted: by ClassicII

@hawkzhang45

Just saw your post now, awesome work on the script! Let me test it out and see if it works.

SOLVED Posted: by takayuki

We also opened an Enterprise Support Ticket today to request that Apple include the fix in the macOS 10.14.6 beta.

SOLVED Posted: by ClassicII

Heads up,

This fix is not looking good for making it into 10.14.

The latest word is it's fixed in 10.15 beta 2.

If this is important to your organization you better talk with Apple now.

@m.entholzner @takayuki @hawkzhang45

SOLVED Posted: by takayuki

Thanks for your heads-up, @ClassicII.

We also contacted Apple Enterprise Support to request that this fix be brought to macOS 10.14.6.

SOLVED Posted: by analog_kid

I've also opened an Enterprise support case regarding this issue with hopes they'll resolve it in 10.14.6.

SOLVED Posted: by mikeh

I can confirm that the keychain password is updated properly in the latest 10.15 beta. Waiting for a response from Apple about making the fix available to 10.14.6.

SOLVED Posted: by m.entholzner

same for us... we've also requested this to be fixed in 10.14.6 too.

SOLVED Posted: by MTFMRCO

Has anyone had a chance to test 10.14.6 yet? Did Apple fix it? We have a ticket open with Apple support but they have yet to answer the question on 10.14.6...

SOLVED Posted: by m.entholzner

there was no fix included in the latest beta - maybe this changed in the release version, but I fear this is still not fixed :(

SOLVED Posted: by mschroder

I am always amazed how long it takes Apple to fix something. This makes the enterprise support quite a bad deal :(
