ADPassMon v1.11.0 pre-release — please test

This pre-release contains a few significant changes, so I need your help testing it to make sure I haven’t inadvertently broken anything…

I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.

I’ve also added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.

Lastly, in addition to a few cosmetic changes, I have added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.

Download the pre-release here, and please let me know how this version works for you by either commenting here or at github.

UPDATE: Link now points to the b2 release which adds a 15-second delay upon computer wake before ADPassMon runs its checks.


5 thoughts on “ADPassMon v1.11.0 pre-release — please test

  1. Awesome job!, thanks Peter,

    Could you advise me what command you’re using in V1.11 so i can make an extension attribute for our JSS, i can then see if all the Macs are reporting the correct expiry date, the attribute i used for testing ADPassMon V1.10 is
    user=/usr/bin/who | /usr/bin/awk '/console/{ print $1 }'
    lastpwdMS=dscl localhost read /Local/Default/Users/$user | grep SMBPasswordLastSet | cut -d' ' -f 2
    todayUnix=date "+%s"
    lastpwdUnix=expr $lastpwdMS / 10000000 - 11644473600
    diffUnix=expr $todayUnix - $lastpwdUnix
    diffdays=expr $diffUnix / 86400
    daysremaining=expr $pwPolicy - $diffdays
    echo “$daysremaining”


  2. Cheers!

    I’m testing 1.11.0b and it’s reporting my expiry date correctly, also the change password + refresh kerberos ticket options grey out almost instantly when i disconnect from the VPN and can’t reach our LDAP, great work!

    I’d like to see the amount of days till expiration returned from the the JSS EA (sorry i’d asked for the expiry date)

    I’ve tried using your script to show the
    days till expiration and it doesn’t return daysUntilExp, is this script the used in 1.11.0b ?
    here’s the output:

    No such key: userAccountControl
    No such key: SMBPasswordLastSet
    (standard_in) 1: parse error
    (standard_in) 1: parse error
    (standard_in) 1: parse error
    mySearchBase: DC=domain,DC=com
    passExpires: yes
    expireAgeDays: 60
    todayUnix: 1436558647
    today: 16626.83619212962962962962

Comments are closed.