Oct 03, '06 07:30:00AM • Contributed by: joelbruner
#!/bin/bash
# Password lifetime in days
pwPolicy=60
user=$(whoami)
# Use dscl in interactive mode to find out ADdomain
ADdomain="All Domains"
# Quote the path: "All Domains" contains a space and would otherwise be split
userRecord=$(dscl localhost -read "/Active Directory/$ADdomain/Users/$user")
lastpwdMS=$(echo "$userRecord" | grep -i pwdLastSet | sed 's/pwdLastSet: //')
todayUnix=$(date "+%s")
# pwdLastSet counts 100 ns intervals since 1601-01-01; convert to Unix seconds
lastpwdUnix=$(( lastpwdMS / 10000000 - 11644473600 ))
diffUnix=$(( todayUnix - lastpwdUnix ))
diffdays=$(( diffUnix / 86400 ))
daysremaining=$(( pwPolicy - diffdays ))
echo "$daysremaining"

I've created a 28KB zip file (ADexpire.zip; Hints mirror) that contains adexpirre.sh, adexpire.php, and adexpire.scpt (and application version) for client/server setup (with code comments). This works for the situation many are in at my work: their machines aren't bound to AD and they don't often log into the file services on an AD server to find out their password expiration! This allows one server to field queries and return a value via http to an AppleScript that runs as a login item.
Hopefully this will help someone else and, even better, maybe someone way smarter than me does it in five lines in Perl! ;) Looking forward to the comments and revisions.
[robg adds: I have no way of testing this one...]
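
The pwdLastSet conversion from the script above, as an added example that is not part of the original hint or its zip file: it takes the record text as an argument so it can be checked offline, and handles a missing value, a value of 0 (password must be changed at next logon) and an already expired password. The function name ad_days_remaining and the sample record are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the hint author's code. Function name and sample data are constructed.

# ad_days_remaining RECORD POLICY_DAYS NOW_EPOCH
# Prints days until expiry (negative means already expired), or "must-change"
# when pwdLastSet is 0. Returns 1 when the record has no usable value.
ad_days_remaining() {
    local record policy now filetime last
    record=$1; policy=$2; now=$3
    # Take the last field of the pwdLastSet line, so a plain "pwdLastSet: N"
    # and a prefixed "prefix:pwdLastSet: N" line parse the same way.
    filetime=$(printf '%s\n' "$record" |
        awk 'tolower($0) ~ /pwdlastset:/ { print $NF; exit }')
    case $filetime in
        ''|*[!0-9]*)
            echo "no numeric pwdLastSet in record" >&2
            return 1 ;;
    esac
    # 0 means the account must change its password at next logon.
    if [ "$filetime" -eq 0 ]; then
        echo "must-change"
        return 0
    fi
    # 100 ns ticks since 1601-01-01 -> seconds since 1970-01-01.
    last=$(( filetime / 10000000 - 11644473600 ))
    if [ "$last" -gt "$now" ]; then
        echo "pwdLastSet is in the future; check the clock" >&2
        return 1
    fi
    echo $(( policy - (now - last) / 86400 ))
}

# Constructed sample record: password set exactly 45 days before sample_now.
sample_now=1159875000
sample_record='name: jdoe
pwdLastSet: 128004606000000000
sAMAccountName: jdoe'

ad_days_remaining "$sample_record" 60 "$sample_now"
```

In the original script the same function would be called with "$userRecord", "$pwPolicy" and "$todayUnix".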
