pmbuko/ad_pass_exp.sh

## ad_pass_exp.sh
#!/bin/bash

myDomain=$(dsconfigad -show | awk '/Active Directory Domain/{print $NF}')

myLDAP=$(dig -t srv _ldap._tcp.${myDomain} | awk '/^_ldap/{print $NF}' | head -1)

mySearchBase=$(ldapsearch -LLL -Q -s base -H ldap://${myLDAP} defaultNamingContext | awk '/defaultNamingContext/{print $2}')

uAC=$(dscl localhost read /Search/Users/$USER userAccountControl | awk '/:userAccountControl:/{print $2}')
if [[ $uAC =~ ^6 ]]; then
    passExpires="no"
else
    passExpires="yes"
fi

expireAgeDays=$(ldapsearch -LLL -Q -s base -H ldap://${myLDAP} -b $mySearchBase maxPwdAge | awk -F- '/maxPwdAge/{print $2/10000000/86400}')

pwdSetDateRaw=$(dscl localhost read /Search/Users/$USER SMBPasswordLastSet | awk '/LastSet:/{print $2}')

pwdSetDateUnix=$(echo "$pwdSetDateRaw / 10000000 - 11644473600" | bc -l)

pwdSetDate=$(echo "$pwdSetDateUnix / 86400" | bc -l)

todayUnix=$(date +%s)

today=$(echo "$todayUnix / 86400" | bc -l)

daysUntilExp=$(echo "$expireAgeDays - ($today - $pwdSetDate)" | bc -l)

daysUntilExpNice=$(echo "$daysUntilExp" | awk -F. '{print $1}')

echo "myDomain:         $myDomain"
echo "myLDAP:           $myLDAP"
echo "mySearchBase:     $mySearchBase"
echo "uAC:              $uAC"
echo "passExpires:      $passExpires"
echo "expireAgeDays:    $expireAgeDays"
echo "pwdSetDateRaw:    $pwdSetDateRaw"
echo "pwdSetDateUnix:   $pwdSetDateUnix"
echo "pwdSetDate:       $pwdSetDate"
echo "todayUnix:        $todayUnix"
echo "today:            $today"
echo "daysUntilExp:     $daysUntilExp"
echo "daysUntilExpNice: $daysUntilExpNice"
	#!/bin/bash

	myDomain=$(dsconfigad -show \| awk '/Active Directory Domain/{print $NF}')

	myLDAP=$(dig -t srv _ldap._tcp.${myDomain} \| awk '/^_ldap/{print $NF}' \| head -1)

	mySearchBase=$(ldapsearch -LLL -Q -s base -H ldap://${myLDAP} defaultNamingContext \| awk '/defaultNamingContext/{print $2}')

	uAC=$(dscl localhost read /Search/Users/$USER userAccountControl \| awk '/:userAccountControl:/{print $2}')
	if [[ $uAC =~ ^6 ]]; then
	passExpires="no"
	else
	passExpires="yes"
	fi

	expireAgeDays=$(ldapsearch -LLL -Q -s base -H ldap://${myLDAP} -b $mySearchBase maxPwdAge \| awk -F- '/maxPwdAge/{print $2/10000000/86400}')

	pwdSetDateRaw=$(dscl localhost read /Search/Users/$USER SMBPasswordLastSet \| awk '/LastSet:/{print $2}')

	pwdSetDateUnix=$(echo "$pwdSetDateRaw / 10000000 - 11644473600" \| bc -l)

	pwdSetDate=$(echo "$pwdSetDateUnix / 86400" \| bc -l)

	todayUnix=$(date +%s)

	today=$(echo "$todayUnix / 86400" \| bc -l)

	daysUntilExp=$(echo "$expireAgeDays - ($today - $pwdSetDate)" \| bc -l)

	daysUntilExpNice=$(echo "$daysUntilExp" \| awk -F. '{print $1}')

	echo "myDomain: $myDomain"
	echo "myLDAP: $myLDAP"
	echo "mySearchBase: $mySearchBase"
	echo "uAC: $uAC"
	echo "passExpires: $passExpires"
	echo "expireAgeDays: $expireAgeDays"
	echo "pwdSetDateRaw: $pwdSetDateRaw"
	echo "pwdSetDateUnix: $pwdSetDateUnix"
	echo "pwdSetDate: $pwdSetDate"
	echo "todayUnix: $todayUnix"
	echo "today: $today"
	echo "daysUntilExp: $daysUntilExp"
	echo "daysUntilExpNice: $daysUntilExpNice"