Workflow with the "accountExpires" ldap attribute

New Contributor III

I have an EA to pull in the accountExpires ldap attribute. The format is unreadable and I want to convert to human readable format. Then I want a smart group to catch users with PW expiring within a few days. Here is a link to bash script I fount to convert the number.

What is the best approach to this? Pipe the output from the EA into the Bash script?

Thank you for any ideas in advance.



We use the following:

This Extension Attribute is designed to return the number of days remaining until Active Directory password expiration.
So you would need to change # Current password change policy to suit your environment.


# Logged in user
LoggedInUser=`ls -l /dev/console | awk '{ print $3 }'`

# Current password change policy

# Last password set date
LastPasswordSet=`dscl /Active Directory/CORP/All Domains/ read /Users//$LoggedInUser SMBPasswordLastSet | awk '{print $2}'`

# Calculations
LastPasswordCalc1=`expr $LastPasswordSet / 10000000 - 1644473600`
LastPasswordCalc2=`expr $LastPasswordCalc1 - 10000000000`
TimeStampToday=`date +%s`
TimeSinceChange=`expr $TimeStampToday - $LastPasswordCalc2`
DaysSinceChange=`expr $TimeSinceChange / 86400`
DaysRemaining=`expr $PasswdPolicy - $DaysSinceChange`

echo "<result>$DaysRemaining</result>"

exit 0

Taken from:

New Contributor III

Thank you sdunbar. I missed that post. It worked for me after I figured the right format for my domain. This will help me bridge the gap until Apple Professional Services give us the EC agent.

I was inserting our name in CORP incorrectly. Once i got it right I was good to go. dscl /Active Directory/CORP/All Domains/ read /Users//$LoggedInUser SMBPasswordLastSet | awk '{print $2}'