Posted on 02-14-2019 05:56 AM
I need to detect if a user has locked their account (by typing an incorrect password x times).
Is anyone else reporting on this?
Posted on 02-25-2019 08:32 AM
<bump>
Anybody?
Posted on 02-25-2019 09:15 AM
Check out this post: https://kevinbecker.org/blog/2015/09/17/unlock-an-active-directory-account-using-mac-os-x-directory-...
My org doesn't have the lockoutTime attribute, but you might have it. If you do, then you could create an extension attribute that pulls that value. Use grep or awk to narrow down the exact value you need.
lockoutTime
grep
awk
/usr/bin/dscl . -read /Users/$userNameHere | grep lockoutTime
never-displayed
