Detect if User Must Reset Password In Active Directory Using C#

In Active Directory, if a user's account is disabled and then enabled, by default, the user must change their password on first login. I am struggling to detect this programmatically using C#. Is there a property that is set or something along those lines if a user must reset their property?

Say I have a DirectoryEntry object pointing to a user:

DirectoryEntry user = ...

Is there a property that I can use:

user.Properties[someProperty];
user489041 asked Nov 08 '11 15:11


2 Answers

The condition is stored in two attributes:

  • pwdLastSet : If the value is set to 0 ...
  • userAccountControl : and the UF_DONT_EXPIRE_PASSWD flag is not set.

From here.

Forgotten Semicolon answered Sep 18 '22 22:09

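The two attributes named in that answer can be read directly against the DirectoryEntry-style lookup the question asks about. The following is an added example, not code from either answer or from any project: it assumes a reachable domain, a placeholder LDAP path, and that the caller supplies a sAMAccountName. The rule itself (pwdLastSet is 0 and the UF_DONT_EXPIRE_PASSWD bit, 0x10000, is clear) is kept in a pure method over the raw attribute values so it can be exercised without a domain controller, and the search is done with DirectorySearcher because it returns pwdLastSet as a plain Int64 rather than the COM IADsLargeInteger that DirectoryEntry.Properties hands back.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example, not from the original answers. Reads the two attributes
// named above from AD and applies the stated rule.
public static class PasswordResetCheck
{
    // ADS_UF_DONT_EXPIRE_PASSWD bit of userAccountControl.
    private const int UF_DONT_EXPIRE_PASSWD = 0x10000;

    // The rule on raw attribute values: pwdLastSet == 0 and the
    // "password never expires" bit clear. Pure, so it is testable offline.
    public static bool MustChangePassword(long pwdLastSet, int userAccountControl)
    {
        bool passwordNeverSet = pwdLastSet == 0;
        bool passwordNeverExpires = (userAccountControl & UF_DONT_EXPIRE_PASSWD) != 0;
        return passwordNeverSet && !passwordNeverExpires;
    }

    // Looks the account up by sAMAccountName under searchRoot.
    // Returns null when the account does not exist or the attributes were
    // not returned (for example, the searching identity cannot read them),
    // so the caller can decide how to handle "unknown".
    public static bool? MustChangePassword(DirectoryEntry searchRoot, string samAccountName)
    {
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            // Escape the caller-supplied name so it cannot alter the filter.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("pwdLastSet");
            searcher.PropertiesToLoad.Add("userAccountControl");

            SearchResult result = searcher.FindOne();
            if (result == null)
                return null;

            if (!result.Properties.Contains("pwdLastSet") ||
                !result.Properties.Contains("userAccountControl"))
                return null;

            long pwdLastSet = (long)result.Properties["pwdLastSet"][0];
            int userAccountControl = (int)result.Properties["userAccountControl"][0];
            return MustChangePassword(pwdLastSet, userAccountControl);
        }
    }

    // RFC 4515 escaping for a value embedded in an LDAP search filter.
    private static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed attribute values (no domain needed); 0x200 is NORMAL_ACCOUNT.
        Console.WriteLine(MustChangePassword(0L, 0x200));                     // true
        Console.WriteLine(MustChangePassword(0L, 0x200 | UF_DONT_EXPIRE_PASSWD)); // false
        Console.WriteLine(MustChangePassword(132000000000000000L, 0x200));    // false

        // Against a real domain; the LDAP path is a placeholder to replace.
        // using (var root = new DirectoryEntry("LDAP://DC=example,DC=local"))
        //     Console.WriteLine(MustChangePassword(root, "jdoe"));
    }
}
```

One caveat worth keeping in mind: pwdLastSet is 0 whenever "User must change password at next logon" is ticked on the account, not only after the disable/enable sequence the question describes, so this check reports the flag state rather than how it came to be set. Treating a missing attribute as "unknown" instead of 0 avoids a false "must change" result when the searching identity simply cannot read pwdLastSet.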

Here is what I wrote to do this. Not exactly answering your question but useful to others who read it later.

The important bits are from PrincipalContext on. All the stuff above that is just how I tried to always get the AdName back with the exact correct capitalization.

Note this is just the code to do the first answer, test LastPasswordSet using a user principal instead of a DE.

Eric-

    using System.DirectoryServices.AccountManagement;
    using System.Web.Security;

    // 'log' is the class's logger field; IStudentPortalLoginBLL and ObjectFactory are the poster's own types.
    private bool TestAdShouldChangePassword( string adUser )
    {
        try
        {
            string adName = "";
            MembershipUser mu = Membership.GetUser( adUser );

            if ( mu != null )
            {
                IStudentPortalLoginBLL splBll = ObjectFactory.GetInstance< IStudentPortalLoginBLL >();
                adName = splBll.GetCleanAdName( adUser ); // I wrote this; it just pulls out the name and fixes the capitalization - EWB

                PrincipalContext pctx = new PrincipalContext( ContextType.Domain );
                UserPrincipal p = UserPrincipal.FindByIdentity( pctx, adName );

                if ( p == null )
                    return false;

                // LastPasswordSet is null when pwdLastSet is 0; PasswordNeverExpires reflects UF_DONT_EXPIRE_PASSWD
                if ( p.LastPasswordSet.HasValue == false && p.PasswordNeverExpires == false )
                {
                    return true;
                }
            }
        }
        catch ( MultipleMatchesException mmex )
        {
            log.Error( "TestAdShouldChangePassword( ad user = '" + adUser + "' ) - Exception finding user, can't determine if ad says to change password, returning false : Ex = " + mmex.ToString() );
        }

        return false;
    }
Eric Brown - Cal answered Sep 19 '22 22:09