All geek questions in one place

.NET Active Directory Expiration in Windows 2008

Searched SO and everywhere, including the .net developers guide to the directory services programming book - no luck.

I am trying to create a simple reset password webpage that allows the user to change their password. Part of the code change password works fine. For users that I would also like to display when their current password expires as follows.

Using the code example from the book mentioned above, I was able to get all the code settings, however the returned attribute is always Long.MinValue and therefore cannot be inverted to a positive number, plus this means that it did not find the correct domain setting.

Does anyone have sample code or links to get password expiration in Windows 2008 or R2, where password policies may vary for each user?

Updated to include code

The constructor that gets the policy object:

public PasswordExpires()
    {
        //Get Password Expiration
        Domain domain = Domain.GetCurrentDomain();
        DirectoryEntry root = domain.GetDirectoryEntry();

        using (domain)
        using (root)
        {
            this.policy = new DomainPolicy(root);
        }
    }

Domain Policy Designer:

public DomainPolicy(DirectoryEntry domainRoot)
    {
        string[] policyAttributes = new string[] {
  "maxPwdAge", "minPwdAge", "minPwdLength", 
  "lockoutDuration", "lockOutObservationWindow", 
  "lockoutThreshold", "pwdProperties", 
  "pwdHistoryLength", "objectClass", 
  "distinguishedName"
  };

        //we take advantage of the marshaling with
        //DirectorySearcher for LargeInteger values...
        DirectorySearcher ds = new DirectorySearcher(
          domainRoot,
          "(objectClass=domainDNS)",
          policyAttributes,
          SearchScope.Base
          );

        SearchResult result = ds.FindOne();

        //do some quick validation...         
        if (result == null)
        {
            throw new ArgumentException(
              "domainRoot is not a domainDNS object."
              );
        }

        this.attribs = result.Properties;
    }

Call this method to get the password expiration date:

public TimeSpan MaxPasswordAge
    {
        get
        {
            string val = "maxPwdAge";
            if (this.attribs.Contains(val))
            {
                long ticks = GetAbsValue(
                  this.attribs[val][0]
                  );

                if (ticks > 0)
                    return TimeSpan.FromTicks(ticks);
            }

            return TimeSpan.MaxValue;
        }
    }

The code does not work here because it cannot convert Long.MinValue, which should not be in the first place

private long GetAbsValue(object longInt)
    {
        return Math.Abs((long)longInt);
    }

Here is the output and debugger values. According to MSDN, the overflow exception is caused by a minimum value. My numbers follow the examples for minvalue.

Screenshot http://www.brentpabst.com/capture.png

+3
source share
1

, lastPwdSet - maxPwdAge < DateTime.UtcNow , . , , 10 , (DateTime.UtcNow - 7) - (-10) DateTime.UtcNow - 7 + 10 DateTime.UtcNow + 3, DateTime.UtcNow, .

, maxPwdAge long.MinValue . , long.MinValue, , . , , :

private long GetAbsValue(object longInt)  // poorly named
{
    long val = (long)longInt;
    if (val == long.MinValue)
        return long.MaxValue;
    return Math.Abs((long)longInt);  
}

, , 100 . ., .

+2

Source: https://habr.com/ru/post/1736597/

More articles:


All Articles