I've borrowed from Peter Bukowinski's script that will lookup when an AD user's password is due to expire, and expanded upon it to run as a task in the OS X menu bar. The applet includes preference settings for the following:
- Adjust how often you are required to change your password (5 – 365 days).
- Automatically launch the applet at logon.
- Display the date your password will expire on the logon window (requires admin permissions).
This applet is open source and hosted on Google Code: Password Monitor.
by 
Talk about a no nonsense app that solves a specific problem.
I might have to roll this into my build.
Thanks for the great work!
This little app is great! It works in my environment where Peter’s script never did. I love the status info on the loginwindow as well.
Thanks for sharing your work! Big kudos!
The reason you get a different count of days before your password expires using Password Monitor vs Peter’s script is that I round the days down. It didn’t make sense to me that on the day your password expires the count would still be 1. So I decided to change it accordingly. So if Password Monitor says you have 1 day left before your password expires, it means you have at least a full 24 hours. I discussed this issue with Peter before making the change and he agreed. However, I should note this is not how Entourage works nor Windows. The reminders they each provide round up not down. Which makes sense to community?
I’ve been asked to make my applescript script work with OD. I couldn’t figure it out and asked around. Unfortunately, nobody else I asked could figure out how to get the password age out of OD.
You can do this using the pwpolicy command line tool, like so:
% pwpolicy -u testuser -n /LDAPv3/myserver.example.com –get-effective-policy
Look for passwordLastSetTime, which I think is in seconds since the Unix epoch (Jan 1, 1970).
To run the utility at login when using InstaDMG you simply have to add it to the “com.apple.loginitems.plist” template file. Let me know if you need assistance doing this.