- Jamf Nation Community
- Products
- Jamf Pro
- Changing Active Directory password on command line
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Changing Active Directory password on command line
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-27-2013 07:30 PM
I'm in the process of putting together a script which is a sort of "all in one" thing for checking expiry and changing passwords. I know password changes can be done through the System Preferences GUI, but I was hoping on a method to do it via a script, as there's also some keychain tomfoolery that I want to include for proxy reasons.
I've looked around a bit - "smbpassword" doesn't exist anymore, and "dscl . passwd /Search/Users/$USER" gives me an "eDSAuthMethodNotSupported" error. This is on 10.8.5
Any clues you can throw my way?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-27-2013 10:34 PM
Actually, after some more searching I've found that using:
dscl localhost passwd /Search/Users/$USER $oldPassword $newPasswordSeems to trigger it correctly (so I'm in the right direction), but it keeps coming back "eDSAuthPasswordQualityCheckFailed". For kicks, I tried changing it via the System Preferences GUI and it indeed thinks that I'm not meeting minimum requirements, which I most certainly am.
Has anyone seen this before?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-29-2013 07:27 AM
Greetings Aaron,
I, out of curiosity, created a test account/profile and from another admin account was able to successfully run the above listed command via Terminal after elevating the permissions (sudo -s). Prior I also received an error. Not sure if this is of any assistance.
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-19-2014 11:51 PM
Fwiw, I'm using the following, in ADPassMon v2:
This is AppleScript & bash.
do shell script "dscl . -passwd /Users/$USER " & enteredOldPassword & " " & enteredNewPasswordFull bash world be like:
do shell script dscl . -passwd /Users/$USER $enteredOldPassword $enteredNewPassword
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-26-2014 02:50 PM
I know I'm drudging up a fairly old topic, but @Aaron, did you ever come up with a solution for this? We're running into a similar problem in my district, as going through Users and Groups to change the password results in the same error about password minimum requirements, and dscl doesn't do the trick, either. Any input would be appreciated!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-28-2014 04:24 PM
Mostly, it's because we have a minimum password age which I had forgotten about.
I also had an issue where I was doing a search against the local db (dscl . -read, or dscl localhost -read) which was sometimes returning wonky results. So I ended up doing:
SEARCHPATH=`dscl localhost -read /Search CSPSearchPath | grep -m 1 "Active" | sed 's/^ *//'`
result=$(dscl "$SEARCHPATH" passwd "/Users/$USER" "$CURPASSWORD" "$NEWPASSWORD")There's a bunch of stuff in between, but that's the general gist of it.
