Mac Account Lockout Requiring Recovery Key


Mac user passwords can get out of sync with Active Directory after a user changes their Active Directory password. This document contains steps to be performed from an administrator account.


If a user changed their password recently and can no longer log in to their Mac, take the following actions:

  • Log in with an administrator account.
  • Open the Terminal application (click the magnifying glass in the top right and type in terminal).
    • Remove the account from FileVault first using this command:
      • sudo fdesetup remove -user <USERNAME>
      • Type in the administrator password.
  • Log out and log back in as the administrator.  You may be able to skip down to the deprecated commands below without logging out.
    • Open System Preferences > Privacy & Security > scroll down to "FileVault".
    • Click Enable Users... > enter the administrator password > have the user enter their password > click OK.

Restart and have the user try to log in again - TWICE, to make sure they can log in on their own.


Deprecated commands (command-line alternative to the System Preferences steps above):

  • Re-add the account using this command:
    • sudo fdesetup add -usertoadd <USERNAME>
    • Hit Enter, and type the following at the prompts:
      • Enter the user name: administrator
      • Enter the password for user 'administrator': <ADMINISTRATOR PASSWORD>
      • Enter the password for the added user: <USER PASSWORD>
  • Restart the computer and have the user try to log in again.
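The following script is an added example, not part of the original article: it wraps the article's fdesetup remove / fdesetup add sequence and checks the result against `fdesetup list` before and after, so the administrator can confirm the account is FileVault-enabled again before restarting. It assumes `fdesetup list` prints one "username,GeneratedUID" line per enabled user (the sample output and UUIDs below are constructed), and it is meant to be run as `sudo sh fv_resync.sh <USERNAME>` on the affected Mac.

```shell
#!/bin/sh
# Added example (not from the original article): wraps the article's
# fdesetup remove / fdesetup add sequence and verifies the result with
# `fdesetup list`. Run on the Mac from an admin account:
#   sudo sh fv_resync.sh <USERNAME>
# Assumption (not stated in the article): `fdesetup list` prints one
# "username,GeneratedUID" line per FileVault-enabled user.

# fv_user_enabled USERNAME LIST_OUTPUT
# Returns 0 if USERNAME appears as a FileVault-enabled user in the given
# `fdesetup list` output, 1 otherwise. Compares the whole name before the
# comma, so "bob" does not match "bobby".
fv_user_enabled() {
    _name="$1"
    _list="$2"
    printf '%s\n' "$_list" | awk -F, -v u="$_name" \
        '$1 == u { found = 1 } END { exit found ? 0 : 1 }'
}

# fv_resync_user USERNAME
# The article's procedure: remove the stale FileVault entry, then re-add
# the account. `fdesetup add` prompts interactively for the admin account
# name, the admin password and the re-added user's password, exactly as
# the article lists them, so no password is placed on the command line
# or in shell history.
fv_resync_user() {
    _user="$1"
    _before="$(fdesetup list)"
    if fv_user_enabled "$_user" "$_before"; then
        echo "Removing $_user from FileVault..."
        fdesetup remove -user "$_user" || return 1
    else
        echo "$_user is not currently a FileVault-enabled user; skipping remove."
    fi
    echo "Re-adding $_user (answer the prompts with the admin account name,"
    echo "the admin password, then the user's new password)..."
    fdesetup add -usertoadd "$_user" || return 1
    _after="$(fdesetup list)"
    if fv_user_enabled "$_user" "$_after"; then
        echo "OK: $_user is FileVault-enabled again. Restart and have the user log in twice."
    else
        echo "FAILED: $_user still missing from 'fdesetup list'." >&2
        return 1
    fi
}

# Constructed sample `fdesetup list` output for checking the parser
# offline (the UUIDs are made up).
SAMPLE_LIST='administrator,11111111-2222-3333-4444-555555555555
bobby,66666666-7777-8888-9999-000000000000'

# Only act when a username was given and fdesetup exists on this machine.
if [ "$#" -gt 0 ] && command -v fdesetup >/dev/null 2>&1; then
    fv_resync_user "$1"
fi
```

If the final check prints FAILED, the re-add did not take (typically a mistyped password at one of the prompts); repeat the add step before restarting rather than handing the machine back to the user.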




Article ID: 158035
Tue 3/26/24 11:12 AM
Thu 5/23/24 10:11 AM