ADPassMon v1.11.0 pre-release — please test

This pre-release contains a few significant changes, so I need your help testing it to make sure I haven’t inadvertently broken anything…

I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.

I’ve also added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.

Lastly, in addition to a few cosmetic changes, I have added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.

Download the pre-release here, and please let me know how this version works for you by either commenting here or at github.

ADPassMon updated to 1.10.3

This release fixes a long-standing assumption (bug??). Until now, ADPassMon has assumed that your Mac’s primary DNS server is also an Active Directory server that can answer LDAP queries. With this release, AD LDAP server information is retrieved using the ‘dsconfigad’ and ‘dig’ commands. Specifically, the AD domain is retrieved using this command

dsconfigad -show | awk '/Active Directory Domain/{print $NF}'

and the output of this command is used in the following dig command

dig -t srv _ldap._tcp.DOMAIN | /usr/bin/awk '/^_ldap/{print $NF}'

Also new with this release:

I will now be hosting ADPassMon releases on GitHub instead of Dropbox. Please visit my ADPassMon releases page to download version 1.10.3.

ADPassMon updated to v1.9.8

Major changes:

  • ADPassMon now requires OS X 10.8. (ADPassMon v1.9 is still available for 10.6 and 10.7)
  • It now detects if a password is set to never expire and halts further checking. The menu will display ‘[–]‘ in this case. (Thanks to Luis Giraldo for pointing out this oversight on GitHub.)

Minor changes:

  • Some log entries were removed and others were slightly modified
  • Replaced “Quit ADPassMon” in menu with “Exit”

Download version 1.9.8 here.

ADPassMon updated to v1.9.6

This version fixes an issue where the “Change Password” and “Refresh Kerberos Ticket” menu items would be grayed out incorrectly. ADPassMon is supposed to only disable these options if the AD domain cannot be reached. I was doing a simple number comparison between two values, but had far too much precision and clock drift would throw it off. I now use fewer significant digits in the comparison.

Download ADPassMon v1.9.6 here.

(You may have notices I’ve seemingly skipped 1.9.5. It was a quiet release of 1.9.5 that introduced a bug, so I pulled it.)