Retrieving User Account Expiration from ActiveDirectory


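You can use the System.DirectoryServices.AccountManagement namespace to accomplish this task. Once you get a UserPrincipal from a PrincipalContext, you can inspect the UserPrincipal.AccountExpirationDate property. The property is a nullable DateTime; it has no value when the account is set to never expire, which is why the code checks HasValue first.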

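// Bind to the current domain. The context and the principal both wrap directory
// resources, so they are disposed as soon as the lookup is finished.
using (PrincipalContext context = new PrincipalContext(ContextType.Domain))
using (UserPrincipal p = UserPrincipal.FindByIdentity(context, "Domain\\User Name"))
{
    // FindByIdentity returns null when no principal matches the identity, so check
    // before dereferencing instead of failing with a NullReferenceException.
    if (p != null && p.AccountExpirationDate.HasValue)
    {
        // No value means the account is set to never expire; a value is converted
        // to local time for display.
        DateTime expiration = p.AccountExpirationDate.Value.ToLocalTime();
    }
}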

If you do want to use DirectoryEntry, read the raw accountExpires attribute as a 64-bit file time:

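// Assume 'user' is a DirectoryEntry representing the user to check.
long rawExpires = GetInt64(user, "accountExpires");

// accountExpires uses 0 and Int64.MaxValue to mean "never expires", and GetInt64
// returns -1 when the attribute could not be read. None of these is a file time
// that DateTime.FromFileTime accepts (it throws ArgumentOutOfRangeException), so
// they are mapped to DateTime.MaxValue here.
// NOTE(review): code that gates access on this date may prefer to treat the -1
// "could not read" case as an error rather than as "no expiry".
DateTime expires = (rawExpires <= 0 || rawExpires > DateTime.MaxValue.ToFileTimeUtc())
    ? DateTime.MaxValue
    : DateTime.FromFileTime(rawExpires);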

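/// <summary>
/// Reads a single large-integer attribute of a directory entry as an <see cref="Int64"/>.
/// </summary>
/// <param name="entry">Directory entry to read from; it is the root of a base-scope search.</param>
/// <param name="attr">
/// LDAP attribute name. It is placed into the search filter without escaping, so pass a
/// fixed attribute name and never user-supplied text.
/// </param>
/// <returns>
/// The attribute value, or -1 when the search returns nothing or the result does not
/// contain the attribute.
/// </returns>
private Int64 GetInt64(DirectoryEntry entry, string attr)
{
    // Go through DirectorySearcher rather than entry.Properties: the searcher's
    // marshaling hands the value back in a form that can be cast to Int64.
    // The searcher is disposable, so release it when the lookup is done.
    using (DirectorySearcher ds = new DirectorySearcher(
        entry,
        String.Format("({0}=*)", attr),
        new string[] { attr },
        SearchScope.Base))
    {
        SearchResult sr = ds.FindOne();

        if (sr != null && sr.Properties.Contains(attr))
        {
            return (Int64)sr.Properties[attr][0];
        }
    }

    // Sentinel for "not found"; callers must not pass it to DateTime.FromFileTime.
    return -1;
}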

Another way of parsing the accountExpires value is using reflection:

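/// <summary>
/// Combines the HighPart and LowPart properties of a large-integer object into one
/// 64-bit value.
/// </summary>
/// <param name="largeInteger">
/// Object exposing integer HighPart and LowPart properties, which are read through
/// late-bound reflection.
/// </param>
/// <returns>HighPart in the upper 32 bits and LowPart, taken as unsigned, in the lower 32 bits.</returns>
/// <exception cref="ArgumentNullException"><paramref name="largeInteger"/> is null.</exception>
private static long ConvertLargeIntegerToLong(object largeInteger)
{
    // An attribute that is not set can come back as null; fail with a clear
    // argument error instead of a NullReferenceException on GetType().
    if (largeInteger == null)
    {
        throw new ArgumentNullException("largeInteger");
    }

    Type type = largeInteger.GetType();

    // Both halves are read with the same binding flags.
    int highPart = (int)type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
    int lowPart = (int)type.InvokeMember("LowPart", BindingFlags.GetProperty, null, largeInteger, null);

    // The uint cast keeps a negative LowPart from sign-extending into the upper 32 bits.
    return ((long)highPart << 32) | (uint)lowPart;
}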

// Fetch the raw accountExpires value and fold it into a 64-bit file time.
object rawAccountExpires = DirectoryEntryHelper.GetAdObjectProperty(directoryEntry, "accountExpires");
long fileTime = ConvertLargeIntegerToLong(rawAccountExpires);

// Values that cannot be turned into a DateTime: zero or negative, long.MaxValue,
// and anything at or beyond the file time of DateTime.MaxValue. All of them are
// reported as "no expiration date".
bool hasNoExpiry = fileTime <= 0
    || fileTime == long.MaxValue
    || fileTime >= DateTime.MaxValue.ToFileTime();

return hasNoExpiry ? DateTime.MaxValue : DateTime.FromFileTimeUtc(fileTime);

Updated on September 15, 2022

Comments

  • Jazerix
    Jazerix over 1 year

    I'm trying to retrieve the expiration date from accounts.

    I've tried

    // 'iMem' is defined outside this snippet (presumably the member's directory path; confirm).
    DirectoryEntry user = new DirectoryEntry(iMem);
    
    // The (int) cast is what raises "Specified cast is not valid": the value held in
    // accountExpires is not a boxed 32-bit int, and FromFileTime takes a 64-bit file time.
    var AccountExpiration = DateTime.FromFileTime((int)user.Properties["accountExpires"].Value);
    

    It doesn't work; it only gives me the error "Specified cast is not valid".

    When I use

    // This reads the property collection for the attribute, not a number that
    // DateTime.FromFileTime can take directly.
    var AccountExpiration = user.Properties["accountExpires"];
    

    it returns a COM object, which I'm unable to read.

    Using Windows PowerShell, it works fine; I don't get why this won't work...

    This is the code I use in PowerShell:

    # FromFileTime expects a 64-bit file time; presumably $tmpUser.accountExpires is
    # already a 64-bit integer here. TODO confirm how $tmpUser was obtained.
    $Expires = [datetime]::FromFileTime($tmpUser.accountExpires)