All geek questions in one place

Cannot find Locked property in Active Directory (C #)

Firstly, I know that there were a lot of posts in this thread, however, all the information I found does not help in my situation. What happens is that I cannot find where the property blocks the user in AD. I used

link text

for everything else with AD and everything works, the userAccountControl bitmap does not change if the account is locked. Attempting to access lockoutTime returns an exception saying that it cannot find the property. The only thing that works remotely is

user.InvokeGet ("IsAccountLocked")

but it always returns false regardless of whether the account is locked or not.

If anyone has any ideas, this will be very helpful or a link that may help me.

thanks

+2
source share
2 answers

If you are using .NET 3.5, you must use the UserPrincipal class in the System.DirectoryServices.AccountManagement namespace. This class has an IsAccountLockedOut () method , as well as a property to get AccountLockOutTime .

using (var context = new PrincipalContext( ContextType.Domain )) { using (var user = UserPrincipal.FindByIdentity( context, IdentityType.SamAccountName, name )) { if (user.IsAccountLockedOut()) { ... your code here... } } }
+4
source

If you are using .NET 2.0 / 3.0, you can use the following code if you have a DirectoryEntry instance called user :

 // get the "userAccountControl" property int uac = Convert.ToInt32(user.Properties["userAccountControl"][0]); const int ADS_UF_ACCOUNTDISABLE = 0x00000002; const int ADS_UF_LOCKOUT = 0x00000010; bool accountIsDisabled = (uac & ADS_UF_ACCOUNTDISABLE) == ADS_UF_ACCOUNTDISABLE; bool accountIsLockedOut = (uac & ADS_UF_LOCKOUT) == ADS_UF_LOCKOUT;

Mark

0
source

Source: https://habr.com/ru/post/1441015/

More articles:


All Articles