Help

Changing Active Directory password on command line

Aaron
Contributor II

Posted on ‎11-27-2013 07:30 PM

I'm in the process of putting together a script which is a sort of "all in one" thing for checking expiry and changing passwords. I know password changes can be done through the System Preferences GUI, but I was hoping on a method to do it via a script, as there's also some keychain tomfoolery that I want to include for proxy reasons.

I've looked around a bit - "smbpassword" doesn't exist anymore, and "dscl . passwd /Search/Users/$USER" gives me an "eDSAuthMethodNotSupported" error. This is on 10.8.5

Any clues you can throw my way?

0 Kudos
5 REPLIES 5

Aaron
Contributor II

Posted on ‎11-27-2013 10:34 PM

Actually, after some more searching I've found that using:

dscl localhost passwd /Search/Users/$USER $oldPassword $newPassword

Seems to trigger it correctly (so I'm in the right direction), but it keeps coming back "eDSAuthPasswordQualityCheckFailed". For kicks, I tried changing it via the System Preferences GUI and it indeed thinks that I'm not meeting minimum requirements, which I most certainly am.

Has anyone seen this before?

0 Kudos

pbarceneaux
New Contributor

Posted on ‎11-29-2013 07:27 AM

Greetings Aaron,

I, out of curiosity, created a test account/profile and from another admin account was able to successfully run the above listed command via Terminal after elevating the permissions (sudo -s). Prior I also received an error. Not sure if this is of any assistance.

Regards,

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎04-19-2014 11:51 PM

Fwiw, I'm using the following, in ADPassMon v2:

This is AppleScript & bash. 

do shell script "dscl . -passwd /Users/$USER " & enteredOldPassword & " " & enteredNewPassword

Full bash world be like:

do shell script dscl . -passwd /Users/$USER $enteredOldPassword $enteredNewPassword
0 Kudos

NoahRJ
Contributor II

Posted on ‎09-26-2014 02:50 PM

I know I'm drudging up a fairly old topic, but @Aaron, did you ever come up with a solution for this? We're running into a similar problem in my district, as going through Users and Groups to change the password results in the same error about password minimum requirements, and dscl doesn't do the trick, either. Any input would be appreciated!

0 Kudos

Aaron
Contributor II

Posted on ‎09-28-2014 04:24 PM

Mostly, it's because we have a minimum password age which I had forgotten about.

I also had an issue where I was doing a search against the local db (dscl . -read, or dscl localhost -read) which was sometimes returning wonky results. So I ended up doing:

SEARCHPATH=`dscl localhost -read /Search CSPSearchPath | grep -m 1 "Active" | sed 's/^ *//'`
result=$(dscl "$SEARCHPATH" passwd "/Users/$USER" "$CURPASSWORD" "$NEWPASSWORD")

There's a bunch of stuff in between, but that's the general gist of it.

0 Kudos