
Changing Active Directory password on command line


  • Valued Contributor
  • 173 replies

I'm in the process of putting together a script which is a sort of "all in one" thing for checking expiry and changing passwords. I know password changes can be done through the System Preferences GUI, but I was hoping for a method to do it via a script, as there's also some keychain tomfoolery that I want to include for proxy reasons.

I've looked around a bit - "smbpassword" doesn't exist anymore, and "dscl . passwd /Search/Users/$USER" gives me an "eDSAuthMethodNotSupported" error. This is on 10.8.5.

Any clues you can throw my way?

5 replies

  • Author
  • Valued Contributor
  • 173 replies
  • November 28, 2013

Actually, after some more searching I've found that using:

dscl localhost passwd "/Search/Users/$USER" "$oldPassword" "$newPassword"

Seems to trigger it correctly (so I'm in the right direction), but it keeps coming back "eDSAuthPasswordQualityCheckFailed". For kicks, I tried changing it via the System Preferences GUI and it indeed thinks that I'm not meeting minimum requirements, which I most certainly am.

Has anyone seen this before?


  • New Contributor
  • 1 reply
  • November 29, 2013

Greetings Aaron,

I, out of curiosity, created a test account/profile and from another admin account was able to successfully run the above listed command via Terminal after elevating the permissions (sudo -s). Prior I also received an error. Not sure if this is of any assistance.

Regards,


bentoms
  • Legendary Contributor
  • 4331 replies
  • April 20, 2014

Fwiw, I'm using the following, in ADPassMon v2:

This is AppleScript & bash.

do shell script "dscl . -passwd /Users/$USER " & quoted form of enteredOldPassword & " " & quoted form of enteredNewPassword

Full bash would be like:

dscl . -passwd "/Users/$USER" "$enteredOldPassword" "$enteredNewPassword"

  • Contributor
  • 74 replies
  • September 26, 2014

I know I'm dredging up a fairly old topic, but @Aaron, did you ever come up with a solution for this? We're running into a similar problem in my district, as going through Users and Groups to change the password results in the same error about password minimum requirements, and dscl doesn't do the trick, either. Any input would be appreciated!


  • Author
  • Valued Contributor
  • 173 replies
  • September 28, 2014

Mostly, it's because we have a minimum password age which I had forgotten about.

I also had an issue where I was doing a search against the local db (dscl . -read, or dscl localhost -read) which was sometimes returning wonky results. So I ended up doing:

SEARCHPATH=`dscl localhost -read /Search CSPSearchPath | grep -m 1 "Active" | sed 's/^ *//'`
result=$(dscl "$SEARCHPATH" passwd "/Users/$USER" "$CURPASSWORD" "$NEWPASSWORD")

There's a bunch of stuff in between, but that's the general gist of it.
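
The approach from the last reply, written out as an added example that is not part of the original posts: resolve the Active Directory node from the search path, change the password against that node, and report the eDSAuthPasswordQualityCheckFailed case separately. The function names, return codes and sample search-path output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ad_node and change_ad_password are hypothetical helper names.

# Constructed sample of `dscl localhost -read /Search CSPSearchPath` output.
SAMPLE_CSP='CSPSearchPath:
 /Local/Default
 /BSD/local
 /Active Directory/EXAMPLE/All Domains'

# Read search-path output on stdin; print the first Active Directory node.
ad_node() {
    sed -n 's|^[[:space:]]*\(/Active Directory/.*\)$|\1|p' | head -n 1
}

# Usage: change_ad_password USER OLDPASS NEWPASS
# Returns 0 on success, 2 if the Mac has no AD node in its search path,
# 3 if the directory rejected the new password on policy, 1 otherwise.
change_ad_password() {
    local user old new node out status
    user=$1; old=$2; new=$3

    node=$(dscl localhost -read /Search CSPSearchPath 2>/dev/null | ad_node)
    if [ -z "$node" ]; then
        echo "no Active Directory node in the search path" >&2
        return 2
    fi

    # Quote every argument so passwords containing spaces or shell
    # metacharacters reach dscl intact.
    status=0
    out=$(dscl "$node" passwd "/Users/$user" "$old" "$new" 2>&1) || status=$?

    case $out in
        *eDSAuthPasswordQualityCheckFailed*)
            # In this thread the cause was a minimum password age,
            # not the complexity of the new password.
            echo "rejected by password policy (check complexity and minimum age)" >&2
            return 3 ;;
    esac
    if [ "$status" -ne 0 ]; then
        echo "$out" >&2
        return 1
    fi
    return 0
}
```

Passwords passed as command arguments are visible in the process list to other local users while dscl runs, so keep the script off shared machines and never log the command line.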

