How to set AccountExpires in VB.NET via a AD DirectoryEntry

Question

I needed to set the accountExpires property in the AD DirectoryEntry couldn't find a simple answer. Found some information;

http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal.aspx

http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/182bfb6a-8b23-4c96-9379-101a4d91241a

http://www.rlmueller.net/AccountExpires.htm

Saw some articles re ADS****.dll but didn't think I needed to use this method

        Dim valueToSet As Date = Now.AddDays(10)
        Dim ADSPath As String = "LDAP://cn=..."
        Dim de As DirectoryEntry = New DirectoryEntry(ADSPath)
        Dim d As TimeSpan = valueToSet.ToUniversalTime - Date.Parse("01/01/1601")
        Dim ValueToSetAsString As String = d.Ticks.ToString
        ' it appears that the ticks value is too large for the value of the directory entry
        ' converting to a string (18 chars or so) works!
        de.Properties("accountexpires").Value = ValueToSetAsString

Thanks to Brian it looks like the large amount of code wrote above can be simplified;

        de.Properties("accountexpires").Value = valueToSet.ToFileTime.ToString

A function to return the AccountExpires and other largeInteger issues in VB.NET

        Function ConvertADValueToDateTime(ByVal li As Object) As DateTime
        ' http://bytes.com/topic/visual-basic-net/answers/512901-lastlogontimestamp

        Try
            Dim lngHigh = li.HighPart
            Dim lngLow = li.LowPart
            Dim lastLogon = (lngHigh * 2 ^ 32) - lngLow
            Dim returnDateTime As DateTime = DateTime.FromFileTime(lastLogon)
            Return returnDateTime
        Catch ex As Exception
            Return Nothing
        End Try

    End Function

Example use :

            Dim d As DateTime = ConvertADValueToDateTime(de.Properties("accountexpires").value)               
            If d = "01/01/1601" Then
                ' no expiry date
                Return Nothing
            Else
                Return d
            End If

An alternative method

Convert LDAP AccountExpires to DateTime in C#

Answer 1

Something like this will set your account to expire in 30 days:

Dim de As New DirectoryEntry("LDAP://cn=foo,cn=users,dc=contoso,dc=com")

de.Properties["accountExpires"].Value = DateTime.UtcNow.AddDays(30).ToFileTime()
de.CommitChanges()

Answer 2

This uses a DateTimePicker on a form but it should be trivial to use any other date format..

Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory
Imports System.IO

'Get the user
Dim EntryString As String
EntryString = "LDAP://...."
Dim dirEntry As DirectoryEntry
dirEntry = New DirectoryEntry(EntryString)
Dim dirSearcher As New DirectorySearcher(dirEntry)
dirSearcher.Filter = "(&(objectCategory=Person)(objectClass=user)(SAMAccountName=" & Trim(Form1.AccountNameTB.Text) & "))"
dirSearcher.SearchScope = SearchScope.Subtree
Dim searchResults As SearchResult = dirSearcher.FindOne()

'Set the date
Dim d1 As Date = Form1.AccountExpiresDTP.Value
Dim d2 As New DateTime(d1.Year, d1.Month, d1.Day)
d2 = d2.AddDays(1) 'Add one day so that it matches what is in AD
Dim ft As Long = d2.ToFileTime()
dirEntryResults.Properties("accountExpires").Value = ft.ToString 'You do need to turn it into a string
dirEntryResults.CommitChanges()
dirEntryResults.Close()