tags:

views:

781

answers:

2
+1  Q: 

Test "User Must Change Password" field in .Net 3.5

I'm trying to perform some basic AD User managment tasks in C# using .Net 3.5

I've got a System.DirectoryServices.AccountManagement.UserPrincipal object that contains the user details.

I can call user.ExpirePasswordNow() and the user will be forced to changed their password at next login (and the "Active Directory Users and Computers" GUI has the "User must change password at next logon" box checked.

However, I want to test the state of this property and act on it - I don't want to just always set it true via the ExpirePasswordNow() function. How can I do this?

I've found examples suggesting I access the underlying DirectoryEntry and its pwdLastSet propperty - but this appears as an inpenetrable System.__ComObject type - it's probably a IADsLargeInteger but I cannot cast to that type due to its "protection level".

I'm at a loss - can anyone help?

+1  A: 

I remember this from having to find out when the user last set their password, but I never used it. Hope it helps... and I never tried the UserAccountControl attribute, but it looks not-too-crazy.

Pwd-Last-Set Attribute

If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon.

Check out the User-Account-Control, someone included an example of how to read this flag only (as part of a query). It's probably better to just add the attribute to the 'to-be-returned', if that is possible.

I think this should work in 3.5. They made this waaaaay simpler. I can't get a DirectorySearcher object to return me the UserAccountControl flags, only this. Perhaps thats permissions, dunno... 

Imports System.DirectoryServices.AccountManagement

Dim pctx = New PrincipalContext(AccountManagement.ContextType.Domain)
Dim p = UserPrincipal.FindByIdentity(pctx, "andrew")
If p.LastPasswordSet.HasValue = False Then
    If p.PasswordNeverExpires = False Then
        Console.WriteLine("You should have to enter a password next time!")
    End If
End If
Andrew Backer  2009-11-17 18:28:29
Thanks. That seems to do the job. I've spent ages trying to get this to work via the PwdLastSet and playing with the UserAccountControl (which seems to not accurately reflect all the flags it contains!!)
Grhm  2009-11-18 09:05:31
Glad it worked :) Twas a shot in the dark, since I can't mess with my own account. Also, when using a DirectorySearcher the __comObject stuff (at least the base types) are converted to .net types for you, like pwdLastSet.
Andrew Backer  2009-11-18 22:49:36
A: 

This might help:

Password expiration email utility

I had trouble finding a free utility that would send employees emails before their windows passwords were ready to expire, so I wrote a C# console application that does it.

Philip Wallace  2009-11-17 19:36:17

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?