Extension Attribute to pull AD password expiration from Enterprise Connect

New Contributor

We have been trying to find a way to pull the password expiration date for an AD user as we have had problems with people not being bound properly and then their password expiring and they can't change it with Enterprise Connect. Using the AD server doesn't work since if they are not bound we can't pull that information. It does seem like Enterprise connect might have the information we need. Does anyone have an extension Attribute to pull either the date the password was last changed or days until expiration date out of Enterprise Connect?


Contributor III

@jrweber2016 Take a look here. This should get you on the right track

New Contributor

The extension attribute is the easiest part. What is driving me nuts is that when the code is executed by Jamf at the client computer, each user will be prompted to accept or deny this action.


_U=$(stat -f "%Su" /dev/console)

cd /Applications/Enterprise Connect.app/Contents/SharedSupport/

echo "<result>$(sudo -u ${_U} ./eccl -p adPasswordDaysUntilExpiration 2> /dev/null | awk -F': ' '{print $2}')</result>"

Does anyone knows how can I whitelist the code?