Active Directory password update not recognized on OS X 10.7.3?

How long has the Mac been bound to your AD environment? If it's been a while, and by a while I mean the time it takes for your AD computer objects to negotiate the password change of the computer object. I think on OS X the default is 14 days.

Set how often the computer trust account password should be changed

$ dsconfigad -passinterval 0

I remember this causing some problems for us.


I tried both setting the interval to zero and setting a preferred domain controller, neither of which seemed to have any effect. I also (each time) deleted the "login" keychain and any reference to ActiveDirectory under the "System" keychain. And lots of rebooting. Nada.

Unbinding and rebinding was the only way I could get the login password to take, and it took as soon as I sent my credentials to rebind--in the middle of the session as that user (I was doing this on my own box because I could test different methods with impunity).

I would love to have a less intrusive solution (especially one I could manage via a terminal over ssh), but this is what I have for now.