3

We have an Active Directory network with a mixed environment of Macs and PCs, including some remote users who connect via VPN. We're trying to implement a password expiration policy, but we've run into the roadblock such that when a Mac's password is expired on AD, it can't connect period - no prompt or opportunity to change password, no nothing. This goes double for a VPN client synced with the domain password.

Surely there's a piece of middleware or something that bridges this gap. Any thoughts?

pfo
Chris B. Behrens
    What do you mean by "Mac"? Please describe which version(s) of Mac OS X your clients are running. Starting with 10.6.8 AD password expiry (shows remaining days) and renewal is supported(tm). – pfo Mar 30 '12 at 15:39
    I think that that information is largely part of the answer, and worth posting as an answer below. – Chris B. Behrens Mar 30 '12 at 17:16

2 Answers

2

We have a scheduled task that runs daily and emails users at predefined password age intervals. E.g., if our password age is 90 days, email them at 75 days, 80, 83, 85, 87, and 89 days.

Greg Askew
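The selection step of a daily task like the one described in the answer above, as an added example that is not Greg Askew's script: it picks the accounts whose password age hits one of the reminder days and leaves the actual mail delivery to the caller. It assumes a single 90-day domain policy and records already read from the directory with the `sAMAccountName`, `mail`, `userAccountControl` and `pwdLastSet` attributes; the sample users are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90                       # policy length used in the answer
NOTIFY_AT = {75, 80, 83, 85, 87, 89}    # password ages (days) from the answer
UAC_ACCOUNTDISABLE = 0x0002             # userAccountControl: account disabled
UAC_DONT_EXPIRE_PASSWD = 0x10000        # userAccountControl: password never expires
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(filetime):
    """pwdLastSet counts 100-nanosecond ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def datetime_to_filetime(moment):
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def users_to_notify(users, now):
    """Return (sAMAccountName, mail, days_left) for users due a reminder today."""
    due = []
    for user in users:
        uac = user["userAccountControl"]
        if uac & (UAC_ACCOUNTDISABLE | UAC_DONT_EXPIRE_PASSWD):
            continue                    # disabled, or exempt from expiry
        if user["pwdLastSet"] == 0 or not user.get("mail"):
            continue                    # must change at next logon, or no mailbox
        age_days = (now - filetime_to_datetime(user["pwdLastSet"])).days
        if age_days in NOTIFY_AT:
            due.append((user["sAMAccountName"], user["mail"], MAX_AGE_DAYS - age_days))
    return due

# Constructed sample records; a real task would read these attributes over LDAP.
NOW = datetime(2012, 3, 30, 6, 0, tzinfo=timezone.utc)

def sample_user(name, age_days, uac=0x0200):
    changed = NOW - timedelta(days=age_days, hours=1)
    return {"sAMAccountName": name, "mail": name + "@example.com",
            "userAccountControl": uac, "pwdLastSet": datetime_to_filetime(changed)}

SAMPLE_USERS = [
    sample_user("alice", 75),                     # first reminder day
    sample_user("bob", 76),                       # between reminder days
    sample_user("carol", 89),                     # last reminder day
    sample_user("svc-backup", 80, uac=0x10200),   # password never expires
    sample_user("dave", 85, uac=0x0202),          # disabled account
    dict(sample_user("erin", 0), pwdLastSet=0),   # must change at next logon
]

if __name__ == "__main__":
    for name, mail, days_left in users_to_notify(SAMPLE_USERS, NOW):
        print(f"{mail}: password expires in {days_left} day(s)")
```

Because the match is on the exact age in days, a day on which the task does not run skips that reminder.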
1

Take a look at ADPassMon. It will notify the local user when a change is needed.

uSlackr