First off, I know there have been many posts on this topic; however, all of the information that I have found does not help in my situation. What is happening is that I cannot find where the property is for locking out a user in AD. I have used link text for everything else with AD and it has all worked; however, the userAccountControl bit map does not change if an account is locked out. Trying to access the lockoutTime returns an exception saying that it cannot find the property. The only thing that remotely works is the

user.InvokeGet("IsAccountLocked")

call, but it always returns false no matter if the account is locked or not.

If anybody has any ideas it would be very helpful or a link that might help me out.

Thanks

+1  A: 

If you are using .NET 3.5 you should use the UserPrincipal class in the System.DirectoryServices.AccountManagement namespace. This class has an IsAccountLockedOut() method as well as a property to get the AccountLockOutTime.

using System.DirectoryServices.AccountManagement;

using (var context = new PrincipalContext( ContextType.Domain ))
{
     // FindByIdentity returns null (no exception) when the account is not found
     using (var user = UserPrincipal.FindByIdentity( context,
                                                     IdentityType.SamAccountName,
                                                     name ))
     {
          if (user != null && user.IsAccountLockedOut())
          {
              // ... your code here...
          }
     }
}
tvanfosson
Thank you very much. With .NET 3.5 how do you then unlock an account?
J Lundberg
There is an UnlockAccount() method on the UserPrincipal object: http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.authenticableprincipal.unlockaccount.aspx
tvanfosson
Can you make the PrincipalContext the global catalog?
J Lundberg
I've only done this when using a PrincipalSearcher. This involves replacing the SearchRoot on the searcher object with the global catalog root. That is create a searcher for the current domain, then replace the search root with a new DirectoryEntry corresponding to the global catalog path.
tvanfosson
A: 

If you're on .NET 2.0/3.0, you can use the following code, assuming you have an instance of a DirectoryEntry called user:

// get the "userAccountControl" property (an Int32 bit field)
int uac = Convert.ToInt32(user.Properties["userAccountControl"][0]);

// flag values from the ADS_USER_FLAG_ENUM enumeration
const int ADS_UF_ACCOUNTDISABLE = 0x00000002;
const int ADS_UF_LOCKOUT = 0x00000010;

bool accountIsDisabled = (uac & ADS_UF_ACCOUNTDISABLE) == ADS_UF_ACCOUNTDISABLE;
bool accountIsLockedOut = (uac & ADS_UF_LOCKOUT) == ADS_UF_LOCKOUT;

Marc

marc_s
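An added example (not code from either answer) that puts both approaches side by side: it reports an account's lockout state through UserPrincipal, compares the stored userAccountControl bit from the second answer with the constructed attribute msDS-User-Account-Control-Computed that Active Directory actually keeps current, and unlocks only when asked. It assumes a console app on a domain-joined machine with .NET 3.5 or later, a sAMAccountName on the command line, and a caller with read (and, for --unlock, write) rights on the account.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Reports the lockout state of one domain account through UserPrincipal (the
// first answer's approach) and, with --unlock, clears it. Assumes .NET 3.5+ on a
// domain-joined machine; the sAMAccountName comes from the command line.
static class LockoutStatus
{
    const int ADS_UF_LOCKOUT = 0x00000010;   // same bit as in the second answer
    static int Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: LockoutStatus <sAMAccountName> [--unlock]");
            return 2;
        }
        bool unlock = args.Length > 1 && args[1] == "--unlock";
        using (var context = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, args[0]))
        {
            if (user == null)   // FindByIdentity returns null rather than throwing
            {
                Console.Error.WriteLine("No such account: " + args[0]);
                return 1;
            }
            Console.WriteLine("Locked out:        " + user.IsAccountLockedOut());
            Console.WriteLine("Lockout time:      " + Fmt(user.AccountLockoutTime));
            Console.WriteLine("Bad logon count:   " + user.BadLogonCount);
            Console.WriteLine("Last bad password: " + Fmt(user.LastBadPasswordAttempt));
            // The raw userAccountControl bit the question tried first. Active Directory
            // does not maintain it; the live value is in the constructed attribute
            // msDS-User-Account-Control-Computed, which must be fetched explicitly.
            var entry = (DirectoryEntry)user.GetUnderlyingObject();
            int stored = (int)entry.Properties["userAccountControl"].Value;
            entry.RefreshCache(new[] { "msDS-User-Account-Control-Computed" });
            int computed = (int)entry.Properties["msDS-User-Account-Control-Computed"].Value;
            Console.WriteLine("UAC lockout bit:   stored=" + ((stored & ADS_UF_LOCKOUT) != 0)
                              + " computed=" + ((computed & ADS_UF_LOCKOUT) != 0));
            if (unlock && user.IsAccountLockedOut())
            {
                user.UnlockAccount();   // needs write permission on the account
                Console.WriteLine("Account unlocked.");
            }
            return 0;
        }
    }
    static string Fmt(DateTime? t) { return t.HasValue ? t.Value.ToString("u") : "(none)"; }
}
```

Run it first without --unlock: if "stored" stays false while "computed" and IsAccountLockedOut() report true, that is the behaviour the question describes, and the UserPrincipal or computed-attribute value is the one to trust.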