I have significantly changed how ADPassMon gets password expiration values. With Windows Server 2008, MS introduced Fine Grained Password Policy, which could potentially make it difficult to determine the expiration date of passwords, so the exact date of account password expirations is computed and stored in a property called
msDS-UserPasswordExpiryTimeComputed that you can retrieve in OS X with a simple dscl lookup. Since this may not work in all environments, ADPassMon will fall back to the old method of looking up the information if the new method fails. Manual mode, where you enter the password expiration days, is still an option.
Other bug fixes / new features:
- ADPassMon will wait 15 seconds after waking before running to allow network connection to be established.
- Fixed accessibility check routine that runs on startup to add ADPassMon to list of apps allowed to control the GUI. (This is used to bring up OS X’s Change Password dialog box.)
- Fixed Change Password GUI scripting bug by adding a 1 second delay to allow the GUI to update fully.
- Added a connectivity check that will disable the Change Password and Refresh Kerberos Ticket menu items if the domain cannot be reached.
- Added a note to the preferences dialog box that instructs you to hit the Enter key if you change any of the text field values.