Second question is, are these Macs joined to AD, and are the accounts mobile AD accounts or otherwise from AD?
If the answer is yes, and if you know the domain path resource to check against, and the user account is from AD, then something like the below would work. This is extracted from a larger script that compiled a lot of info into a special menu item, from a while back. I don't use it anymore, but the script pieces still work.
#!/bin/bash

## Change daysPWValid below to a days value that your passwords need to change. For example, if they expire after 60 days, put in 60. If 90 days, put in 90, etc.
daysPWValid="60"
secsPWValid=$((60*60*24*daysPWValid))
timeNow=$(date +"%s")

## Change "ORG" in the below to the correct domain name
domainPath="/Active Directory/ORG/All Domains"

## This gets the current logged in user. Use a different method of getting the user if needed, or hard code a name in.
currentUser=$(stat -f%Su /dev/console)

## Gets the raw last password set value from AD
lastPWChangeRaw=$(dscl "$domainPath" read /Users/${currentUser} SMBPasswordLastSet | cut -d' ' -f2)

## Does calculation to get some values we need on the next password change + how many days left
if [ "$lastPWChangeRaw" != "" ]; then
    lastPWChangeTrue=$((lastPWChangeRaw/10000000-11644473600))
    nextPWChangePlusTime=$((lastPWChangeTrue+secsPWValid))
    nextPWChange=$(date -jf "%s" "$nextPWChangePlusTime" +"%Y-%m-%d %H:%M:%S")
    daysToChange=$((((nextPWChangePlusTime-timeNow))/60/60/24))
    echo "Next Password Change: ${nextPWChange}, $daysToChange Days"
else
    echo "No Last Password Set date was found."
    exit 0
fi
If you are looking to pull that directly from AD, you'd need to look at ldapsearch like @Nix4Life mentioned. I assume the fields using dscl are from the Mac's perspective. If you want AD Attribute values, use ldapsearch.
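The ldapsearch route mentioned above, as an added example that is not part of the original posts: it parses the AD attribute pwdLastSet out of ldapsearch LDIF output and computes the days left, including the cases the dscl script does not cover (value 0, meaning the password must change at next logon, and an already expired password). The function names, the host dc.example.com, the base DN and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Output like this would come from a query such as:
#   ldapsearch -LLL -Y GSSAPI -H ldap://dc.example.com -b "DC=org,DC=example" \
#       "(sAMAccountName=$user)" pwdLastSet
# dc.example.com and the base DN are placeholders; substitute your own domain.

# Constructed sample LDIF (not real directory data).
sample_ldif='dn: CN=Jane Doe,OU=Staff,DC=org,DC=example
pwdLastSet: 133485408000000000'

# Read LDIF on stdin and print the pwdLastSet value (attribute names are case-insensitive).
pwd_last_set_from_ldif() {
    awk -F': ' 'tolower($1) == "pwdlastset" { print $2; exit }'
}

# Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to Unix epoch seconds.
filetime_to_epoch() {
    echo $(( $1 / 10000000 - 11644473600 ))
}

# days_until_expiry <pwdLastSet> <maxAgeDays> <nowEpoch>
# Prints whole days left (negative when already expired).
# Returns 1 and prints "invalid" for an empty or non-numeric value,
# returns 2 and prints "must-change" when pwdLastSet is 0.
days_until_expiry() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
        *[1-9]*) ;;                              # a real timestamp, fall through
        *) echo "must-change"; return 2 ;;       # all zeros
    esac
    echo $(( ($(filetime_to_epoch "$1") + $2 * 86400 - $3) / 86400 ))
}

# Demo on the constructed sample, using the 60-day policy from the script above.
raw=$(printf '%s\n' "$sample_ldif" | pwd_last_set_from_ldif)
echo "Days until password change: $(days_until_expiry "$raw" 60 "$(date +%s)")"
```

Passing the current time as an argument keeps the arithmetic independent of the BSD-only `date -jf` call, so the same functions run on macOS and Linux.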
Nice, this is what I'm looking for, but:
1) Login user password was different, AD user password was different; to sync, do we have any script?
2) User working from home, and VPN needs to connect for the validation check.
3) The user ID is the same in Mac login; user validation required.
4) No LAPS; user just has a local admin account having it.