I'm looking for a way to change the default Active Directory password expiration prompt at login from 30 days to our current IT policy of 14 days.
Every time a user logs in on a Mac with Active Directory, they get a 30 day notice, but on a PC they get a 14 day notice, so I know it's something local to the Mac and not something controlled through the servers.
I cannot for the life of me find the .plist that controls this and all other information I can find is extremely out of date.
Any advice?
Best Answer
From Apple AD Integration Guide:
http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf
defaults write / Library/Preferences/com.apple.loginwindow PasswordExpirationDays -int 14