
ASP.NET C# Active Directory - See how long before a user's password expires

I have an interesting problem: I am writing a password management webpage/service, and I am trying to find a way to determine when a user's password is going to expire so I can manually reset their other passwords with it and send out an email, etc.

The problem I'm having is that when trying to loop through my users I'm getting the bulk of them not having a pwdlastset attribute so I can't determine when it's going to expire.

So I guess I am looking for ideas on a good way to check for when a user's password is going to expire aside from using the pwdlastset property and calculating the time left.

Thanks a bunch.

Jimmy asked Feb 28 '23 08:02


1 Answer

It's actually quite a bit more complicated than you might think at first...

  • in order to know how long a password can be valid, you need to read a "domain policy" and find out that way

Then:

  • if the user has the "UF_DONT_EXPIRE_PASSWD" flag set in his "userAccountControl", his password will never expire
  • if the "pwdLastSet" value (an "ADSLargeInteger" or Int64 value, which is rather tricky to read in the first place) is 0, the user will have to change his password the next time he logs on
  • if the "pwdLastSet" value is -1, the password has never been set
  • only if none of the above are true, then the "pwdLastSet" value contains the date when the password was last set, to which you can add the "MaxPasswordAge" from the domain policy, and this will give you the date when the user's password is going to expire

Phew! Did you think it would be this tricky? :-)

Marc

PS: If you're serious about .NET based AD programming, you ought to have this book:

The .NET Developer's Guide to Directory Services Programming

The book contains all the goodies like determining user's password expiration dates, determining user account lockout state and much much more - highly recommended! Joe and Ryan did an outstanding job getting all this information together and explaining it so that even an average Joe programmer like myself can understand it :-)

marc_s answered Apr 09 '23 02:04
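
The decision order listed in the answer above, as an added C# example that is not part of the original answer or of the book it recommends. The type and method names, the sample accounts and the 42-day policy are constructed for illustration, and the raw attribute values are assumed to have been read from the directory already; a user for whom `pwdLastSet` was not returned (the asker's case) is reported as unknown rather than given a guessed date.

```csharp
using System;

public enum PwdState { NeverExpires, MustChangeAtNextLogon, NeverSet, Expires, Unknown }

public static class PasswordExpiry
{
    const int UF_DONT_EXPIRE_PASSWD = 0x10000; // bit in userAccountControl

    // Hypothetical helper. Inputs are raw attribute values already read from AD:
    //   uac        - the user's userAccountControl
    //   pwdLastSet - Int64 file time (100-ns ticks since 1601-01-01 UTC);
    //                null when the attribute was not returned for this user
    //   maxPwdAge  - domain policy value, a negative count of 100-ns intervals
    public static PwdState Evaluate(int uac, long? pwdLastSet, long maxPwdAge,
                                    out DateTime expiresUtc)
    {
        expiresUtc = DateTime.MaxValue;
        if ((uac & UF_DONT_EXPIRE_PASSWD) != 0) return PwdState.NeverExpires;
        if (pwdLastSet == null) return PwdState.Unknown;   // do not guess a date
        if (pwdLastSet == 0) return PwdState.MustChangeAtNextLogon;
        if (pwdLastSet == -1) return PwdState.NeverSet;    // rule as given in the answer
        // A policy value of 0 or Int64.MinValue means there is no maximum age.
        if (maxPwdAge == 0 || maxPwdAge == long.MinValue) return PwdState.NeverExpires;

        DateTime lastSetUtc = DateTime.FromFileTimeUtc(pwdLastSet.Value);
        expiresUtc = lastSetUtc + TimeSpan.FromTicks(Math.Abs(maxPwdAge));
        return PwdState.Expires;
    }

    public static void Main()
    {
        // Constructed sample data: 42-day policy, password set 2023-01-01 UTC.
        long maxPwdAge = -TimeSpan.FromDays(42).Ticks;
        long lastSet = new DateTime(2023, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        var samples = new (string Name, int Uac, long? PwdLastSet)[]
        {
            ("normal",       0x200,   lastSet),
            ("dont-expire",  0x10200, lastSet),
            ("must-change",  0x200,   0L),
            ("no-attribute", 0x200,   null),
        };
        foreach (var s in samples)
        {
            PwdState state = Evaluate(s.Uac, s.PwdLastSet, maxPwdAge, out DateTime exp);
            Console.WriteLine(state == PwdState.Expires
                ? $"{s.Name}: expires {exp:u}"
                : $"{s.Name}: {state}");
        }
    }
}
```

This uses only the domain-wide `maxPwdAge`; where fine-grained password policies apply to a user, the constructed attribute `msDS-UserPasswordExpiryTimeComputed` reports the effective expiry time instead.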