Active Directory user password expiration date .NET/OU Group Policy

天涯浪人 2020-11-30 10:14

I have searched the site for information and found this: ASP.NET C# Active Directory - See how long before a user's password expires

which explains how to get th

4 Answers
  • 2020-11-30 10:41

    Some of the previous answers rely on the DirectoryEntry.InvokeGet method, which MS says should not be used. So here's another approach:

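    // Requires: using System; using System.DirectoryServices;
    //           using System.DirectoryServices.AccountManagement;
    public static DateTime GetPasswordExpirationDate(UserPrincipal user)
    {
        // Unwrap the UserPrincipal to its DirectoryEntry, then to the native ADSI COM object.
        DirectoryEntry deUser = (DirectoryEntry)user.GetUnderlyingObject();
        ActiveDs.IADsUser nativeDeUser = (ActiveDs.IADsUser)deUser.NativeObject;
        return nativeDeUser.PasswordExpirationDate;
    }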
    

    You'll need to add a reference to the ActiveDS COM library typically found at C:\Windows\System32\activeds.tlb.

    0 Discussion (0)
  • 2020-11-30 10:45

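    Use the following method to get the expiration date of the account:

    // Requires: using System; using System.DirectoryServices; using System.DirectoryServices.ActiveDirectory;
    public static DateTime GetPasswordExpirationDate(string userId)
    {
        // Search the current forest's global catalog for the account.
        string forestGc = String.Format("GC://{0}", Forest.GetCurrentForest().Name);
        using (var searcher = new DirectorySearcher(new DirectoryEntry(forestGc)))
        {
            // Escape LDAP filter metacharacters (RFC 4515) so userId cannot alter the filter.
            string safeId = userId.Replace("\\", "\\5c").Replace("*", "\\2a")
                .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
            searcher.Filter = "(sAMAccountName=" + safeId + ")";
            SearchResult result = searcher.FindOne();
            if (result == null)
                throw new ArgumentException("User not found: " + userId);
            return (DateTime)result.GetDirectoryEntry().InvokeGet("PasswordExpirationDate");
        }
    }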
    
    0 Discussion (0)
  • 2020-11-30 10:53

    Let me start with http://support.microsoft.com/kb/323750 which contains Visual Basic and VBScript examples and http://www.anitkb.com/2010/03/how-to-implement-active-directory.html which outlines how the maxPwdAge OU setting impacts computers, not users. It also has a comment pointing to AloInfo.exe as a tool from MS that can be used to get password ages.

    Here is the example:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.DirectoryServices;
    
    namespace LDAP
    {
        class Program
        {
            static void Main(string[] args)
            {
                string domainAndUsername = string.Empty;
                string domain = string.Empty;
                string userName = string.Empty;
                string passWord = string.Empty;
                AuthenticationTypes at = AuthenticationTypes.Anonymous;
                StringBuilder sb = new StringBuilder();
    
                domain = @"LDAP://w.x.y.z";
                // Every piece containing "\," must be a verbatim string: "\," is not a valid C# escape.
                domainAndUsername = @"LDAP://w.x.y.z/cn=Lawrence E." +
                            @" Smithmier\, Jr.,cn=Users,dc=corp," +
                            "dc=productiveedge,dc=com";
                userName = "Administrator";
                passWord = "xxxpasswordxxx";
                at = AuthenticationTypes.Secure;
    
                DirectoryEntry entry = new DirectoryEntry(
                            domain, userName, passWord, at);
    
                DirectorySearcher mySearcher = new DirectorySearcher(entry);
    
                SearchResultCollection results;
                string filter = "maxPwdAge=*";
                mySearcher.Filter = filter;
    
                results = mySearcher.FindAll();
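                long maxDays = 0;
                if (results.Count >= 1)
                {
                    // maxPwdAge is a negative count of 100-ns intervals;
                    // 864000000000 intervals make one day.
                    Int64 maxPwdAge = (Int64)results[0].Properties["maxPwdAge"][0];
                    maxDays = maxPwdAge / -864000000000;
                }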
    
                DirectoryEntry entryUser = new DirectoryEntry(
                            domainAndUsername, userName, passWord, at);
                mySearcher = new DirectorySearcher(entryUser);
    
                results = mySearcher.FindAll();
                long daysLeft=0;
                if (results.Count >= 1)
                {
                    var lastChanged = results[0].Properties["pwdLastSet"][0];
                    daysLeft = maxDays - DateTime.Today.Subtract(
                            DateTime.FromFileTime((long)lastChanged)).Days;
                }
                Console.WriteLine(
                            String.Format("You must change your password within"+
                                          " {0} days"
                                         , daysLeft));
                Console.ReadLine();
            }
        }
    }
    
    0 Discussion (0)
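
The calculation in the answer above, as an added example that is not part of the original post: a pure function over raw `pwdLastSet`, `maxPwdAge` and `userAccountControl` values that also covers cases the day arithmetic misses (no domain maximum, the non-expiring account flag, a forced change at next logon). The names `PasswordExpiry`, `Compute` and `Describe` and all sample values are constructed for illustration, and fine-grained password policies are not taken into account.

```csharp
using System;

static class PasswordExpiry
{
    const int DontExpirePassword = 0x10000; // ADS_UF_DONT_EXPIRE_PASSWD

    // Returns the UTC expiry instant, or null if the password never expires.
    // pwdLastSet: FILETIME of the last change; maxPwdAge: negative 100-ns interval.
    public static DateTime? Compute(long pwdLastSet, long maxPwdAge, int userAccountControl)
    {
        // The per-account flag overrides the domain policy.
        if ((userAccountControl & DontExpirePassword) != 0) return null;
        // 0 or Int64.MinValue means the domain enforces no maximum age.
        if (maxPwdAge == 0 || maxPwdAge == long.MinValue) return null;
        // pwdLastSet == 0 means "must change at next logon": already expired.
        if (pwdLastSet == 0) return DateTime.FromFileTimeUtc(0);
        // Exact tick arithmetic in UTC, no truncation to whole days.
        return DateTime.FromFileTimeUtc(pwdLastSet).AddTicks(-maxPwdAge);
    }

    static string Describe(DateTime? expiry, DateTime nowUtc)
    {
        if (expiry == null) return "never expires";
        TimeSpan left = expiry.Value - nowUtc;
        return left <= TimeSpan.Zero
            ? "expired"
            : string.Format("expires {0:u} ({1:F1} days left)", expiry.Value, left.TotalDays);
    }

    static void Main()
    {
        // Constructed sample values, not read from a directory.
        DateTime now = new DateTime(2024, 2, 1, 0, 0, 0, DateTimeKind.Utc);
        long lastSet = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        long age42d = -TimeSpan.FromDays(42).Ticks;

        Console.WriteLine(Describe(Compute(lastSet, age42d, 0x200), now));        // normal account
        Console.WriteLine(Describe(Compute(lastSet, age42d, 0x10200), now));      // non-expiring flag set
        Console.WriteLine(Describe(Compute(lastSet, long.MinValue, 0x200), now)); // no domain maximum
        Console.WriteLine(Describe(Compute(0, age42d, 0x200), now));              // change at next logon
    }
}
```
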
  • 2020-11-30 10:56

    The following code worked for me to get the password expiration date on both domain and local user accounts:

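    // Requires: using System; using System.DirectoryServices;
    public static DateTime GetPasswordExpirationDate(string userId, string domainOrMachineName)
    {
        // The WinNT provider resolves both domain accounts and local machine accounts.
        using (var userEntry = new DirectoryEntry("WinNT://" + domainOrMachineName + '/' + userId + ",user"))
        {
            return (DateTime)userEntry.InvokeGet("PasswordExpirationDate");
        }
    }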
    
    0 Discussion (0)