I want to set "Password Must Change at Next Login" flag

In my application, a user can control his/her local Windows user account from my app, i.e. creating a user, setting/removing a password, changing a password, and also invoking a password expiration policy. Now, at this point, I need to figure out what happens if the user wants to change his password at next login. As many forums and blogs say about this, I coded accordingly:

Invoke Password Expire at Next Login

using System;
using System.DirectoryServices;

// Sets the "user must change password at next logon" flag on the local account
// by writing the WinNT provider's PasswordExpired property.
public bool InvokePasswordExpiredPolicy()
{
    try
    {
        string path = GetDirectoryPath();
        string attribute = "PasswordExpired";
        using (DirectoryEntry de = new DirectoryEntry(path))
        {
            de.RefreshCache(new string[] { attribute });
            if (de.Properties.Contains(attribute))
                de.Properties[attribute].Value = 1;
            de.CommitChanges();
        }
        return true;
    }
    catch (Exception)
    {
        return false;
    }
}

Provoke Password Expire at Next Login. Reset the flag

// Clears the flag again by writing PasswordExpired back through the same WinNT path.
public bool ProvokePasswordExpiredPolicy()
{
    try
    {
        string path = GetDirectoryPath();
        string attribute = "PasswordExpired";
        using (DirectoryEntry de = new DirectoryEntry(path))
        {
            de.RefreshCache(new string[] { attribute });
            de.Properties[attribute].Value = -1;
            de.CommitChanges();
        }
        return true;
    }
    catch (Exception)
    {
        return false;
    }
}

Checking whether the concerned flag is set or not

// Reads PasswordExpired from the WinNT entry; 1 means the flag is set.
public bool isPasswordPolicyInvoked()
{
    try
    {
        string path = GetDirectoryPath();
        string attribute = "PasswordExpired";
        using (DirectoryEntry de = new DirectoryEntry(path))
        {
            de.RefreshCache(new string[] { attribute });
            int value = Convert.ToInt32(de.Properties[attribute].Value);
            return value == 1;
        }
    }
    catch (Exception)
    {
        return false;
    }
}

I am using WinNT to get the directory path rather than LDAP. I used the following method to get the directory path.

// Builds the WinNT (local SAM) ADsPath for the user on the given machine.
private string GetDirectoryPath()
{
    string uName = this.userName;
    string mName = this.userMachine;

    string directoryPath = "WinNT://" + mName + "/" + uName;

    return directoryPath;
}

Is there anything I am missing? Help me out here.

Note: Firstly, I used the pwdLastSet attribute, setting it to 0 (for on) and -1 (for off), but that throws the exception "Directory Property Not found in Property Cache". Later I discovered that WinNT doesn't support this attribute; rather, it supports PasswordExpired, which needs to be 1 to set the flag. That's what I did.

jchoudhury asked Jun 27 '12 01:06

2 Answers

How about using System.DirectoryServices.AccountManagement instead, in which case you can call the following code:

UserPrincipal.Current.ExpirePasswordNow();
Michael answered Sep 21 '22 01:09
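As an added example (not code from the question or from either answer), the AccountManagement approach applied to a named local account rather than UserPrincipal.Current, which only ever expires the calling user's own password. The flag is read back through the WinNT DirectoryEntry behind the principal, i.e. the same PasswordExpired property the question's code checks. It assumes the calling process has administrative rights on the target machine; machineName and userName are the caller's inputs.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public static class LocalPasswordPolicy
{
    // Look up a local (SAM) account by name on the given machine; throws if absent
    // instead of silently swallowing the failure as the question's catch blocks do.
    private static UserPrincipal FindLocalUser(PrincipalContext ctx, string userName)
    {
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName);
        if (user == null)
            throw new InvalidOperationException("Local account '" + userName + "' not found.");
        return user;
    }

    // Set the flag for a named account (same effect as the question's PasswordExpired = 1).
    // For an existing account ExpirePasswordNow() is written to the store immediately; no Save() needed.
    public static void RequireChangeAtNextLogon(string machineName, string userName)
    {
        using (var ctx = new PrincipalContext(ContextType.Machine, machineName))
        using (UserPrincipal user = FindLocalUser(ctx, userName))
        {
            user.ExpirePasswordNow();
        }
    }

    // Clear the flag again; RefreshExpiredPassword() is the counterpart of ExpirePasswordNow().
    public static void ClearChangeAtNextLogon(string machineName, string userName)
    {
        using (var ctx = new PrincipalContext(ContextType.Machine, machineName))
        using (UserPrincipal user = FindLocalUser(ctx, userName))
        {
            user.RefreshExpiredPassword();
        }
    }

    // Read the flag back via the WinNT DirectoryEntry that backs the principal
    // (the entry is owned by the principal and disposed together with it).
    public static bool IsChangeRequired(string machineName, string userName)
    {
        using (var ctx = new PrincipalContext(ContextType.Machine, machineName))
        using (UserPrincipal user = FindLocalUser(ctx, userName))
        {
            var de = (DirectoryEntry)user.GetUnderlyingObject();
            de.RefreshCache(new[] { "PasswordExpired" });
            return Convert.ToInt32(de.Properties["PasswordExpired"].Value) == 1;
        }
    }
}
```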

The code below should work:

de.Properties["pwdLastSet"][0] = 0;

From User Must Change Password at Next Logon (LDAP Provider):

To force a user to change their password at next logon, set the pwdLastSet attribute to zero (0). To remove this requirement, set the pwdLastSet attribute to -1. The pwdLastSet attribute cannot be set to any other value except by the system.

Kokkie answered Sep 21 '22 01:09