Posted on 04-27-2018 12:42 PM
I'm trying to figure out a 'one line' command for this.
On windows I could:
net user username /domain
and it shows up in the results in human format
On the mac I can do this:
dscl "/Active Directory/DOMAINNAME/" -read /Users/USERNAME pwdLastSet
but the format is in nanoseconds. I don't know how to convert it to a real date. Can anyone assist?
Posted on 04-27-2018 12:44 PM
I don't have a bound machine but if you give me what that returns I'm sure I can show you how to convert it.
Posted on 04-27-2018 12:56 PM
Our AD passwords expire every 90 days and I have an Extension Attribute that reports on the number of days up until the last two weeks of expiration.
#!/bin/bash
pwPolicy=90
user=`/usr/bin/who | /usr/bin/awk '/console/{ print $1 }'`
lastpwdMS=`dscl localhost read "/Active Directory/<DOMAIN>/All Domains/Users/$user" | grep SMBPasswordLastSet | cut -d' ' -f 2`
todayUnix=`date "+%s"`
lastpwdUnix=`expr $lastpwdMS / 10000000 - 11644473600`
diffUnix=`expr $todayUnix - $lastpwdUnix`
diffdays=`expr $diffUnix / 86400`
daysremaining=`expr $pwPolicy - $diffdays`
if [[ "$daysremaining" -gt 0 && "$daysremaining" -lt "15" ]]; then
echo "<result>2 Weeks</result>";
else
echo "<result>$daysremaining</result>";
fi
Posted on 04-30-2018 05:49 AM
@iJake the result is as follows:
SMBPasswordLastSet: 131426115105227560
@daniel.behan Thanks that is useful, but what I really need is the date the password was last changed to be visible.
Posted on 04-30-2018 06:36 AM
If you have access to a bound Windows PC or VM, you can use the Account Lockout Status tool to find that for any AD accounts. I use this on a daily basis. The Last Password Set column displays time and date. It works well as long as your AD account is privileged to see that kind of info for other users. You may need to work with your AD administrators to get your AD permissions right.
Posted on 04-30-2018 06:57 AM
#!/bin/bash
adPwdLastSetNT=$(dscl "/Active Directory/DOMAINNAME/" -read /Users/USERNAME pwdLastSet)
adPwdLastSetHuman=$(date -j -f "%s" "$((($adPwdLastSetNT/10000000)-11644473600))" "+%x %X")
echo $adPwdLastSetHuman
Add the parts where you figure out domain and username. You can play with formatting of how you want the date outputted. Here is a guide for the BSD date command.
Posted on 04-30-2018 09:19 AM
@iJake Thanks. I'm getting an error on the second command.
line 5: (SMBPasswordLastSet: 131426115105227560/10000000)-11644473600: missing `)' (error token is ": 131426115105227560/10000000)-11644473600")
I can confirm that the first command is working by commenting out the rest and echoing the first variable.
I don't see any obvious syntax errors.
Posted on 04-30-2018 09:24 AM
Paste your copy of the whole script.
Posted on 04-30-2018 11:17 AM
The only edit is the domain name. Note that the number in the error is the correct result of the pwdLastSet command.
adPwdLastSetNT=$(dscl "/Active Directory/DOMAINNAME" -read /Users/ssavarese pwdLastSet)
adPwdLastSetHuman=$(date -j -f "%s" "$((($adPwdLastSetNT/10000000)-11644473600))" "+%x %X")
echo $adPwdLastSetHuman
Posted on 04-30-2018 11:23 AM
Run the script in debug mode (bash -x /PATH/TO/SCRIPT) and then paste the output. Try to use the code markdown tag too so it's easier to read.
Posted on 04-30-2018 12:43 PM
+ dscl '/Active Directory/DOMAINNAME' -read /Users/ssavarese pwdLastSet
adPwdLastSetNT='dsAttrTypeNative:pwdLastSet: 131426115105227560'
/Users/ssavarese/Desktop/passworddate.sh: line 5: (dsAttrTypeNative:pwdLastSet: 131426115105227560/10000000)-11644473600: missing `)' (error token is ":pwdLastSet: 131426115105227560/10000000)-11644473600")
adPwdLastSetHuman=
echo
I don't know how to use the code markdown tag. Sorry, I'm not a developer, but I follow instructions well if you want to tell me how :)
Posted on 04-30-2018 12:45 PM
The markdown tags are right above where you type in your message.
I see the problem, didn't expect the result to not just be the number.
#!/bin/bash
adPwdLastSetNT=$(dscl "/Active Directory/DOMAINNAME/" -read /Users/USERNAME pwdLastSet | awk '{print $NF}')
adPwdLastSetHuman=$(date -j -f "%s" "$((($adPwdLastSetNT/10000000)-11644473600))" "+%x %X")
echo $adPwdLastSetHuman
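Added example, not part of any post in this thread: the same FILETIME conversion as the script above, with the dscl output validated first so that a labelled line, a zero value or an error string never reaches the arithmetic. The function names and sample lines are constructed for illustration, and the output is ISO 8601 in UTC rather than the thread's locale format.

```shell
#!/bin/sh
# Added example (not from the thread); POSIX sh, runs on macOS and Linux.

# Last field of a dscl attribute line, if it is a plain decimal number. Drops
# any label ("SMBPasswordLastSet:", "dsAttrTypeNative:pwdLastSet:") and returns
# 1 for empty output, error text, leading zeros (octal hazard) or 19+ digits.
filetime_from_dscl() (
    value=$(printf '%s\n' "$1" | awk 'NF { v = $NF } END { print v }')
    case "$value" in
        '' | *[!0-9]* | 0?* | ???????????????????*) return 1 ;;
    esac
    printf '%s\n' "$value"
)

# Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> Unix epoch seconds.
# Returns 2 for 0, which AD stores when the account must change its password
# at next logon, so there is no date to report.
filetime_to_epoch() (
    [ "$1" -eq 0 ] && return 2
    echo $(( $1 / 10000000 - 11644473600 ))
)

# Epoch seconds -> ISO 8601 UTC. BSD/macOS date takes -r N; GNU date takes -d @N.
epoch_to_utc() {
    case "$(uname -s)" in
        Darwin | *BSD) date -u -r "$1" '+%Y-%m-%dT%H:%M:%SZ' ;;
        *)             date -u -d "@$1" '+%Y-%m-%dT%H:%M:%SZ' ;;
    esac
}

# dscl line -> timestamp, "not-set" (value 0) or "unparseable" (exit status 1).
pwd_last_set_utc() (
    ft=$(filetime_from_dscl "$1") || { echo unparseable; return 1; }
    epoch=$(filetime_to_epoch "$ft") || { echo not-set; return 0; }
    epoch_to_utc "$epoch"
)

# Constructed sample lines: the two label styles seen in the thread, a zero
# value, and a constructed error string where a number was expected.
for line in 'SMBPasswordLastSet: 131426115105227560' \
            'dsAttrTypeNative:pwdLastSet: 131426115105227560' \
            'pwdLastSet: 0' \
            'No such key: pwdLastSet'; do
    printf '%-50s -> %s\n' "$line" "$(pwd_last_set_utc "$line")"
done
```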
Posted on 04-30-2018 12:50 PM
You rock! Thanks for taking the time to help me @iJake
This will be a very useful tool for me. Very much appreciated.
Posted on 04-30-2018 12:52 PM
Glad to help, @ssavarese