Test "User Must Change Password" field in .Net 3.5


I remember this from having to find out when the user last set their password, but I never used it. Hope it helps... and I never tried the UserAccountControl attribute, but it looks not-too-crazy.

Pwd-Last-Set Attribute

If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon.

Check out the User-Account-Control attribute; someone included an example of how to read this flag only (as part of a query). It's probably better to just add the attribute to the 'to-be-returned', if that is possible.
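The rule quoted above can be tested directly by asking a DirectorySearcher to return both attributes. This is an added example, not code from the original answers; the class and method names are hypothetical, and it assumes the caller may read pwdLastSet and userAccountControl in the current domain.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class MustChangePasswordCheck
{
    const int UF_DONT_EXPIRE_PASSWD = 0x10000; // ADS_UF_DONT_EXPIRE_PASSWD bit
    // The rule from the Pwd-Last-Set description quoted above.
    public static bool MustChange(long pwdLastSet, int userAccountControl)
    {
        return pwdLastSet == 0 && (userAccountControl & UF_DONT_EXPIRE_PASSWD) == 0;
    }

    // Escape LDAP filter metacharacters (RFC 4515) so the account name
    // cannot alter the search filter.
    static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        return sb.ToString();
    }

    // Returns null if the user is not found or an attribute was not returned.
    public static bool? Check(string samAccountName)
    {
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
            + EscapeFilterValue(samAccountName) + "))";
        // No search root given: the searcher uses the current user's domain.
        using (DirectorySearcher searcher = new DirectorySearcher(filter,
            new string[] { "pwdLastSet", "userAccountControl" }))
        {
            SearchResult r = searcher.FindOne();
            if (r == null || !r.Properties.Contains("pwdLastSet")
                          || !r.Properties.Contains("userAccountControl"))
                return null;
            // Search results carry these as Int64 and Int32, not COM objects.
            long pwdLastSet = (long)r.Properties["pwdLastSet"][0];
            int uac = (int)r.Properties["userAccountControl"][0];
            return MustChange(pwdLastSet, uac);
        }
    }
    static void Main(string[] args)
    {
        bool? r = Check(args.Length > 0 ? args[0] : Environment.UserName);
        Console.WriteLine(r.HasValue ? r.Value.ToString() : "not found or attributes not returned");
    }
}
```

A null result is kept distinct from false so that a missing user or an attribute that was not returned is not reported as "no change required".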


I think this should work in 3.5. They made this waaaaay simpler. I can't get a DirectorySearcher object to return me the UserAccountControl flags, only this. Perhaps that's permissions, dunno...

Imports System.DirectoryServices.AccountManagement

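' Bind to the current domain and look the user up by name.
Dim pctx = New PrincipalContext(ContextType.Domain)
Dim p = UserPrincipal.FindByIdentity(pctx, "andrew")
' FindByIdentity returns Nothing when no matching user exists.
If p IsNot Nothing AndAlso p.LastPasswordSet.HasValue = False Then
    ' No last-set time and the password is allowed to expire.
    If p.PasswordNeverExpires = False Then
        Console.WriteLine("You should have to enter a password next time!")
    End If
End If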
Author by

Grhm

Updated on June 05, 2022

Comments

  • Grhm
    Grhm almost 2 years

    I'm trying to perform some basic AD User management tasks in C# using .Net 3.5

    I've got a System.DirectoryServices.AccountManagement.UserPrincipal object that contains the user details.

    I can call user.ExpirePasswordNow() and the user will be forced to change their password at next login (and the "Active Directory Users and Computers" GUI has the "User must change password at next logon" box checked).

    However, I want to test the state of this property and act on it - I don't want to just always set it true via the ExpirePasswordNow() function. How can I do this?

    I've found examples suggesting I access the underlying DirectoryEntry and its pwdLastSet property - but this appears as an impenetrable System.__ComObject type - it's probably an IADsLargeInteger but I cannot cast to that type due to its "protection level".

    I'm at a loss - can anyone help?