+6We are using Jamf Connect and Azure to sync accounts/passwords with MacOS. The computers are not AD bound. Is it possible to get Jamf to warn users when their password is set to expire (we have a company policy to reset every 90 days)?
If not, what are other fellow admins doing in this case?
Below command will give you the password expiration date, you can create a script to give a popup or notification to the users nearing password expiry by creating smart group and a script.
defaults read com.jamf.connect.state | grep ComputedPasswordExpireDate | awk {'print $3'} | sed 's/"//'
(run the command on logged in users session)
+4Below command will give you the password expiration date, you can create a script to give a popup or notification to the users nearing password expiry by creating smart group and a script.
defaults read com.jamf.connect.state | grep ComputedPasswordExpireDate | awk {'print $3'} | sed 's/"//'
(run the command on logged in users session)
I'm in the same situation, but com.jamf.connect.state doesn't contain ComputedPasswordExpireDate.
I only get DisplayName, LastSignIn and PasswordCurrent.
+1I'm in the same situation, but com.jamf.connect.state doesn't contain ComputedPasswordExpireDate.
I only get DisplayName, LastSignIn and PasswordCurrent.
Did you ever find a solution as I'm seeing the same thing.
+6We pretty much solved this, but it does require an on-prem AD still (which we have in our hybrid environment).
With these 3 steps, your users will get password expiration details to show up on the jamf connect menu bar icon. And the Jamf application will push notifications to MacOS when the ExpirationNotificationStartDay time hits. A countdown number will also start to appear on the menu bar icon when the ExpirationCountdownStartDay time hits.
+6We pretty much solved this, but it does require an on-prem AD still (which we have in our hybrid environment).
With these 3 steps, your users will get password expiration details to show up on the jamf connect menu bar icon. And the Jamf application will push notifications to MacOS when the ExpirationNotificationStartDay time hits. A countdown number will also start to appear on the menu bar icon when the ExpirationCountdownStartDay time hits.
I should have noted that even though this solution needs an on-prem AD, it does NOT need the Mac to be AD bound. It just needs a network communication to a domain controller that stores the AD user account info. This is how Jamf can read the expiration details. I have not found a way to get these details using only Azure.
+5We pretty much solved this, but it does require an on-prem AD still (which we have in our hybrid environment).
With these 3 steps, your users will get password expiration details to show up on the jamf connect menu bar icon. And the Jamf application will push notifications to MacOS when the ExpirationNotificationStartDay time hits. A countdown number will also start to appear on the menu bar icon when the ExpirationCountdownStartDay time hits.
How do you set a "default realm" in the Jamf Connect Config Profile?
+5Ahh found it. Had to add the following into the Jamf Connect (Menu) Configuration Profile. This allowed this to work in a hybrid config (without a kerberos ticket via AD Join).
<key>PasswordPolicies</key>
<dict> <key>NetworkCheck</key>
<integer>15</integer>
<key>SyncPasswordsMessage</key>
<string>Your local and network passwords do not match. Enter your current local password to sync it with your network password </string>
<string>passwordexpiration</string>
<key>ExpirationCountdownStartDay</key>
<integer>30</integer>
<key>ExpirationNotificationStartDay</key>
<integer>14</integer> </dict>
<key>Kerberos</key> <dict>
<key>Realm</key>
<string>DOMAINGOESHERE.NET</string>
</dict>
Hope this helps others struggling with Password Expiration Notifications in Hybrid Environments (or those who have local AD but don't use it for their macs because of kerberos). #Hybrid #PasswordExpiration #Notifications #JamfConnect
+4We pretty much solved this, but it does require an on-prem AD still (which we have in our hybrid environment).
With these 3 steps, your users will get password expiration details to show up on the jamf connect menu bar icon. And the Jamf application will push notifications to MacOS when the ExpirationNotificationStartDay time hits. A countdown number will also start to appear on the menu bar icon when the ExpirationCountdownStartDay time hits.
Hello, I'm struggling getting notifications to work. I've set both ExpirationCountdownStartDay and ExpirationNotificationStartDay to 90, which should trigger notifications immediately. The countdown (89d) displays in the menubar, but I get no notification. (I have done step 3)
+4I should have noted that even though this solution needs an on-prem AD, it does NOT need the Mac to be AD bound. It just needs a network communication to a domain controller that stores the AD user account info. This is how Jamf can read the expiration details. I have not found a way to get these details using only Azure.
We enabled EnforceCloudPasswordPolicyForPasswordSyncedUsers in Azure in hopes to get the expiration details to Jamf Connect via Azure, but to no avail.
+8You can use the Jamf Connect Configuration application - which is included in the .dmg - to easy generate the appropriate configuration to not only display the number of days to expiry, but also to use a native notification - as shown below - to prompt the user to change.
+11You can use the Jamf Connect Configuration application - which is included in the .dmg - to easy generate the appropriate configuration to not only display the number of days to expiry, but also to use a native notification - as shown below - to prompt the user to change.
Which settings did you configure to show this?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
