问题
Is there a way to check whether a user's password has expired in a Active Directory Lightweight Directory Services instance? Specifically, is there a property (hopefully a boolean) that defines whether the password expired, taking into consideration whether the user's password is past expiration date and also whether the user's password is set to expire at all (in which case it should always return false).
We're trying to query Active Directory for this information using the DirectoryEntry API and the PrincipalContext API, but can't figure out where it is stored. Just querying the pwdLastSet won't be enough since we don't have access to the expiration period for the domain, and we want to be able to support the in-place password policy.
回答1:
Inspect the userAccountControl attribute.
来源:https://stackoverflow.com/questions/13770808/how-to-check-when-users-password-has-expired-in-active-directory-lds-adam-pr