Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3397: How to update an AD password for a remote user on Mac OS X

Centrify Identity Service, Mac Edition ,  

15 July,15 at 03:16 PM

Applies to: All versions of Centrify DirectControl on Mac OS X

 
Question:
 
A remote user either needs to update their password, or has forgotten their credentials and need to have it reset while offsite.
 
However they are not connected to the domain and cannot come into the office to physically connect the Mac online.
 
How can their credentials be reset while offline?

 
Answer:
 
The cached password hash is only updated during a "Connected" login process, this means the only way to update the password remotely is go through a VPN.
 
Please see the following KB for making sure Centrify goes into "Connected" mode over VPN:
 
To see which mode the Mac is currently in, users with version 5.1 and later can go to:
 
  System Preferences > Centrify > Look for the "CentrifyDC mode" in Account Configuration.
 
User-added image
 
For versions prior to 5.1, open the Terminal and run the command: adinfo
 
Look for the line that reads:
 
CentrifyDC mode: Connected
 
=== 
 
Updating the password over VPN:
 
(If the AD user is still logged into their own session on the Mac)
  1. Connect the Mac to the VPN and check that it goes into Connected mode (See above)
  2. Once the Mac is in Connected mode, update the password using either of the following methods:
    • System Preferences > Users & Groups > Change Password
    • System Preferences > Centrify > AD Password Check > Now
  3. Once the password has been updated, the VPN can be disconnected.
 
 
(If the AD user is no longer able to access their account)
  1. Reset the user's password from Active Directory (or with any other password-reset service).
  2. Login to the Mac with a secondary account (such as Local Admin) and connect the Mac to the VPN.
  3. Once the Mac is in Connected mode, open the Terminal and type:

    login ad_username

    (Where ad_username is the username of the user who forgot their credentials)
  4. Enter the new password when prompted and the local cache will be synced as well.
  5. The user will now be able to login normally with their new password.
 
 
 
Note: 
 
This method can also be used if the user is no longer able to login after resetting their password elsewhere. See:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.