MacOS – Change Active Directory Password Expiration Prompt in OS X Yosemite

active-directorymacospassword

I'm looking for a way to change the default Active Directory password expiration prompt at login from 30 days to our current IT policy of 14 days.

Every time a user logs in on a Mac with Active Directory, they get a 30 day notice, but on a PC they get a 14 day notice, so I know it's something local to the Mac and not something controlled through the servers.

I cannot for the life of me find the .plist that controls this and all other information I can find is extremely out of date.

Any advice?

Best Answer

From Apple AD Integration Guide:

http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf

Login Window Password Expiration Interval An administrator can change the default expiration notification for the Login Window from the command line: defaults write / Library/Preferences/ com.apple.loginwindow PasswordExpirationDays -int <number of days>

defaults write / Library/Preferences/com.apple.loginwindow PasswordExpirationDays -int 14

Best Answer

Related Solutions

MacBook – Unable to login to MacBook, worked fine with Active Directory account on corp. network

Active Directory Network Account does not have login keychain

Related Question