Disabling the password change/reminder for Active Directory accounts

When you ask your users to change their passwords from a website, it is useful to disable the ability to change the password directly from the Mac OS X login window. The login window checks the expiration date of the password and asks the user to change it 30 days before.

This is a great solution if you’re using only one centralized Active Directory domain, but a bad thing if the Active Directory is not the only directory of your company and the password needs to be changed in other systems.

If you’re using a centralized system to change passwords, or an SSO system, it is important to disable this warning. To do that, edit this file:

/Library/Preferences/com.apple.loginwindow.plist

And simply add this key:

<key>PasswordExpirationDays</key>
<integer>0</integer>

In this case, the login window will never check whether the password expires soon. Thanks to the member of MacEnterprise who shared the solution.

One Reply to “Disabling the password change/reminder for Active Directory accounts”

  1. It can also be done via Terminal commands or by using ARD:

    Back up the original file, just in case, with the following command.
    sudo cp /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/ORIG_com.apple.loginwindow.plist;

    Add the key by the following command:
    sudo defaults write /Library/Preferences/com.apple.loginwindow.plist PasswordExpirationDays -int 0;
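
The same change as a script that also reports whether a machine already has the setting (an added example, not code from the post or the reply). It uses Python's plistlib so the file keeps its XML or binary format; the `.orig` backup suffix and the sample key in the demo are assumptions.

```python
import plistlib
import shutil
import tempfile
from pathlib import Path

KEY = "PasswordExpirationDays"  # key named in the post


def read_prefs(path):
    """Return (prefs dict, plist format); the file may be XML or binary."""
    raw = Path(path).read_bytes()
    fmt = plistlib.FMT_BINARY if raw.startswith(b"bplist00") else plistlib.FMT_XML
    return plistlib.loads(raw), fmt


def warning_disabled(path):
    """True when the key is present and is the integer 0, as the post describes."""
    prefs, _ = read_prefs(path)
    value = prefs.get(KEY)
    # <true/>/<false/> load as bool, which is an int subclass: reject them.
    return isinstance(value, int) and not isinstance(value, bool) and value == 0


def disable_warning(path, backup_suffix=".orig"):
    """Set the key to 0, keeping a one-time backup and the original format.

    Returns True if the file was changed, False if it was already set.
    """
    if warning_disabled(path):
        return False
    prefs, fmt = read_prefs(path)
    backup = Path(str(path) + backup_suffix)  # assumed backup name
    if not backup.exists():
        shutil.copy2(path, backup)
    prefs[KEY] = 0
    with open(path, "wb") as fh:
        plistlib.dump(prefs, fh, fmt=fmt)
    return True


if __name__ == "__main__":
    # Constructed sample standing in for com.apple.loginwindow.plist.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "com.apple.loginwindow.plist"
        sample.write_bytes(plistlib.dumps({"ExampleKey": "x"}, fmt=plistlib.FMT_BINARY))
        print("changed:", disable_warning(sample))
        print("disabled:", warning_disabled(sample))
```

On a real Mac, pass the path from the post to `disable_warning` and run the script as root.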
