On the first login to a Monterey 12.3 (or later) mac – either clean install or OS upgrade – when on the campus network or at home and connected to the VPN - users will be presented with the following dialog box to “sign in” to ADSROOT:
For macOS 12.3, before you enter your Username and Password, click the “Options” drop-down and uncheck the “Sign in automatically” option (this will be checked by default.) You need to uncheck that option before continuing!
After unchecking “Sign in automatically”, please enter your uniqname and password as normal. When you then hit the “Sign In” button, you will receive this prompt:
Click on “Yes” at that point. After that, you will see another “Password Synchronization” dialog box that wants you to sync your Active Directory password with your computer password. These passwords should be the same password as your normal Kerberos/computer password:
Enter your password in both boxes and click the “Sync Password” button. This will give you the following result:
Click “OK” – and that should be it!
However: If your user did not deselect the “Sign in automatically” option, the next time they log out (or reboot) and reconnect to the campus network, the first dialog box will come up again. They will need to uncheck the “Sign in automatically” checkmark and enter their username/password again to get the “Yes/No” dialog box and select that.
LASTLY: if these boxes keep coming up at login after the user has gone through them all once with “Sign in automatically” unchecked – this means that there is some problem with the user’s Active Directory password.
To solve this problem, please do the following:
1 – Have the user change their UM password at https://password.it.umich.edu
2 – On the Mac, open System Preferences → Users & Groups and have the user change their computer password to the new UM password.
3 - Restart the Mac to confirm the user can unlock/log-in to the mac with the new password
4 – The Enterprise Connect dialog boxes will come up again – but when the user goes through them one more time to “sync” the passwords – that should be it!