ADPassMon updated to v1.11.3

Hot on the heels of v1.11.2, this release addresses two issues:

  • Fixed an annoying bug where the Use Notifications checkbox in the Preferences window, and both the Enable Notifications and Enable KerbMinder menu items would not change state the first time they are selected.
  • Added a log entry for when ADPassMon triggers a Notification Center alert to help troubleshoot an issue where notifications were not being spawned.

Download this release from GitHub.

ADPassMon updated to v1.11.1

Alas, v1.11.0 was short-lived. (Is this what the call continuous delivery?) Fixing the accessibility test in the previous release revealed a bug in the accessibility test — thanks to Jason Bush for pointing it out — where ADPassMon asks to be allowed to control the GUI even if it has already been given permission to do so.

This version makes the test more robust, and also adds an accTest preference item. Setting this to ‘0’ manually will disable the accessibility test, e.g.

defaults write org.pmbuko.ADPassMon accTest 0

If you are packaging this app for deployment in your environment, you can add the above command to a post-install script.

Download the latest build here

ADPassMon updated to v1.11.0 (final)

I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.

Other bug fixes / new features:

  • ADPassMon will wait 15 seconds after waking before running to allow network connection to be established.
  • Fixed accessibility check routine that runs on startup to add ADPassMon to list of apps allowed to control the GUI. (This is used to bring up OS X’s Change Password dialog box.)
  • Fixed Change Password GUI scripting bug by adding a 1 second delay to allow the GUI to update fully.
  • Added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.
  • Added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.

Download the latest release here.

ADPassMon v1.11.0 pre-release — please test

This pre-release contains a few significant changes, so I need your help testing it to make sure I haven’t inadvertently broken anything…

I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.

I’ve also added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.

Lastly, in addition to a few cosmetic changes, I have added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.

Download the pre-release here, and please let me know how this version works for you by either commenting here or at github.

UPDATE: Link now points to the b2 release which adds a 15-second delay upon computer wake before ADPassMon runs its checks.

ADPassMon updated to 1.10.3

This release fixes a long-standing assumption (bug??). Until now, ADPassMon has assumed that your Mac’s primary DNS server is also an Active Directory server that can answer LDAP queries. With this release, AD LDAP server information is retrieved using the ‘dsconfigad’ and ‘dig’ commands. Specifically, the AD domain is retrieved using this command

dsconfigad -show | awk '/Active Directory Domain/{print $NF}'

and the output of this command is used in the following dig command

dig -t srv _ldap._tcp.DOMAIN | /usr/bin/awk '/^_ldap/{print $NF}'

Also new with this release:

I will now be hosting ADPassMon releases on GitHub instead of Dropbox. Please visit my ADPassMon releases page to download version 1.10.3.