FileVault Preboot-Password is not synced after ActiveDirectory user-password update

Originator:labin
Number:rdar://35907251 Date Originated:07.12.2017
Status:dupe (35749703) Resolved:
Product:macOS Product Version:10.13.2
Classification: Reproducible:mostly always
 
Area:
Something not on this list

Summary:
After a change of password of a mobile user in Active Directory, the password in the Preboot-Filevault-authentication is not updated


Steps to Reproduce:
1. Set up FileVault (if you can at all in 10.13)
2. Log in with mobile user (Active Directory)
3. Change Password outside the OS (to prevent namespace/encoding problems)
4. Reboot
5. Log in with old password at PreBoot-Screen (expected)
6. Log in with new password at the LoginWindow
7. Enter old password to update the Keychain
8. Reboot again


Expected Results:
1. Set up FileVault (if you can at all in 10.13)
2. Log in with mobile user (Active Directory)
3. Change Password outside the OS (to prevent namespace/encoding problems)
4. Reboot
5. Log in with old password at PreBoot-Screen (expected)
6. Log in with new password at the LoginWindow
7. Enter old password to update the Keychain
8. Reboot again
9. The new password should unlock the PreBoot Screen


Actual Results:
9. The new password does not unlock the PreBoot Screen, but the old one does

Version/Build:
10.13.2 / 17C88

Impact: 1200 Machines that will not be updated to 10.13 until at least this and another FileVault-Bug filed previously (FileVault can not be activated) will be resolved

Comments

This bug is still alive and kicking as of Jan 2, 2018 in 10.13.2 latest release

Apple, please tell me that a bug fix is the works in 10.13.3 for this issue as well as the other FileVault issue (being able to enable a mobile (AD) User Account at the Preboot screen). This is only adding to the laundry list of things Apple has failed to address for the Enterprise environment user base. Thanks.

By adam.martin at Jan. 2, 2018, 4:37 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!