Active Directory Password Minders for Mac OS X
Password Expiration Checker — an AppleScript for OS X Tiger & Leopard, updated 8/28/08
This script is meant to be used as a login item (but you can deploy it any way you wish) in environments where Macs are bound to AD with Apple’s Directory Services plug-in. (Sorry, no ADmitMac support yet.) I’ve taken some time to make it as universal as I can, so it should work without any modification.
When it runs, it will display a dialog box if the password expires within the number of days you specify, otherwise it exits quietly. Prior to deploying, be sure to set the warningDays variable to your desired value and — if deploying as a Login Item — save the script as an application.
- Following a tip from reader Roel, I modified the script to properly recognize first and last names containing spaces.
Password Expiration Checker (alternate) — an AppleScript for OS X Tiger & Leopard, updated 9/28/09
Download this alternate version if the above version does not work for you. Whereas the above script attempts to discover information about your AD environment on its own, this script requires you to manually input your site’s AD information.
- Added ability to manually specify password expiration interval
- Added ability to enable/disable personalization of dialog box (i.e. show user’s first and last name)
- Cleaned up comments within the script
- Added ability to manually specify password expiration age
- Added logic to detect OS version so the script will use separate commands to determine password age on Tiger and Leopard (or greater).
- Fixed the command that runs on Tiger machines. Many thanks to reader Raul Santos for allowing me to remotely control his machine to troubleshoot and fix this issue.
AD Password Expiration Widget, v2 — a Dashboard widget for OS X Leopard, version 2.1, updated 7/11/08
This dashboard widget displays the number of days until the user’s Active Directory password expires. The number is superimposed on a status light that is green if there are more than 30 days to go, is yellow if between 30 and 15 days are left, and is red if 14 or fewer days remain. It also provides a ‘change password now’ button, for convenience. The widget re-uses parts of the first script above, so it has the same environmental requirements.
This update brings you offline functionality — the widget will report the correct number of days even when you’re away from the domain. Also, the rear of the widget display the time and date that it last polled AD. If you’re looking for an easy way to give your mobile users an easy way to manage their own password expiration, then this is for you.