Applies to: All versions of Centrify DirectControl on Mac OS X
A remote user either needs to update their password, or has forgotten their credentials and need to have it reset while offsite.
However they are not connected to the domain and cannot come into the office to physically connect the Mac online.
How can their credentials be reset while offline?
The cached password hash is only updated during a "Connected" login process, this means the only way to update the password remotely is go through a VPN.
Please see the following KB for making sure Centrify goes into "Connected" mode over VPN:
To see which mode the Mac is currently in, users with version 5.1 and later can go to:
System Preferences > Centrify > Look for the "CentrifyDC mode" in Account Configuration.
For versions prior to 5.1, open the Terminal and run the command: adinfo
Look for the line that reads:
CentrifyDC mode: Connected
Updating the password over VPN:
(If the AD user is still logged into their own session on the Mac)
Connect the Mac to the VPN and check that it goes into Connected mode (See above)
Once the Mac is in Connected mode, update the password using either of the following methods:
Once the password has been updated, the VPN can be disconnected.
(If the AD user is no longer able to access their account)
Reset the user's password from Active Directory (or with any other password-reset service).
Login to the Mac with a secondary account (such as Local Admin) and connect the Mac to the VPN.
Once the Mac is in Connected mode, open the Terminal and type:
(Where ad_username is the username of the user who forgot their credentials)
Enter the new password when prompted and the local cache will be synced as well.
The user will now be able to login normally with their new password.
This method can also be used if the user is no longer able to login after resetting their password elsewhere. See: