Trigger action on AD account lock

jnice22
New Contributor II

Hi Everyone,

I am running into some issues with account lockouts in an AD environment. I am working on a script to trigger a notification and gather local logs to get ahead of the issue. I do not believe it is the Sierra lockout issue because it happens to users on 10.11 as well. I want to gather as much info on the Mac side before going to our Windows team to attempt to gather AD logs.
Running dscl I can find out exactly when a user account is locked out:

dscl localhost -read "/Active Directory/DOMAIN/All Domains/Users/$user" | grep -i lockoutTime
I could run the script every "n" minutes and then gather the logs and send the notification but I would prefer using a daemon to watch a file that changes when an account locks. Is anyone aware of the existence of such a file? I tried doing a find . -mmin -1 before and after the account lockout but I do not see anything that may help.

Thanks!
Jasen
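Added example, not part of the original post: the "run it every n minutes" fallback Jasen describes, written so that it only acts on the transition from unlocked to locked rather than on every run. It assumes the dscl path from the post with DOMAIN as a placeholder, a state file under /var/tmp, and the unified log's opendirectoryd process as the local log source; the state-file and log-file names are my choices.

```shell
#!/bin/bash
# Added example, not from the post: poll one AD user's lockoutTime via dscl,
# remember the last value, and only on an unlocked->locked transition collect
# recent opendirectoryd log lines and show a notification. State-file path,
# log predicate and "DOMAIN" are assumptions.

# Extract lockoutTime from `dscl -read` output on stdin. AD stores it as a
# Windows FILETIME (100 ns ticks since 1601-01-01); 0 or absent = not locked.
parse_lockout_time() {
    local v
    v=$(sed -n 's/^.*[lL]ockout[tT]ime: *//p' | head -n 1)
    printf '%s\n' "${v:-0}"
}

# FILETIME ticks -> Unix epoch seconds, so the timestamp is readable in logs.
filetime_to_epoch() {
    printf '%s\n' "$(( $1 / 10000000 - 11644473600 ))"
}

# Compare current value with the one recorded in state_file; print "locked"
# for a new lockout, "cleared" when it is reset, "nochange" otherwise.
lockout_transition() {
    local state_file=$1 cur=$2 prev=0
    [ -f "$state_file" ] && prev=$(cat "$state_file")
    printf '%s\n' "$cur" > "$state_file"
    if [ "$cur" != 0 ] && [ "$cur" != "$prev" ]; then echo locked
    elif [ "$cur" = 0 ] && [ "$prev" != 0 ]; then echo cleared
    else echo nochange
    fi
}

main() {
    local user=$1 domain=${2:-DOMAIN} state="/var/tmp/ad-lockout-$1.state" raw when
    raw=$(dscl localhost -read "/Active Directory/$domain/All Domains/Users/$user" \
          | parse_lockout_time)
    if [ "$(lockout_transition "$state" "$raw")" = locked ]; then
        when=$(date -r "$(filetime_to_epoch "$raw")" '+%Y-%m-%d %H:%M:%S')  # BSD date
        log show --last 15m --predicate 'process == "opendirectoryd"' \
            > "/var/tmp/ad-lockout-$user-$(date +%s).log"
        osascript -e "display notification \"$user locked out at $when\" with title \"AD lockout\""
    fi
}

# Schedule with a LaunchDaemon StartInterval; a run needs the username as $1.
if [ -n "${1:-}" ]; then main "$@"; fi
```

Because the state file records the last lockoutTime, a LaunchDaemon running this every minute produces one notification and one log capture per lockout instead of one per interval.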
