October 5, 2009

Active Directory and C# VII

Time to continue this series of posts on the domain side. You can download all the files from here. I will upload this file from this post this week. You can see the first post related to this class file here. This post refers to policy and password in AD.
 public DateTime GetPasswordLastChanged(DirectoryEntry entry)
{
return ((IADsUser)entry.NativeObject).PasswordLastChanged;
}

public DateTime GetPasswordExpirationDate(DirectoryEntry entry)
{
return ((IADsUser)entry.NativeObject).PasswordExpirationDate;
}

public bool ChangePasswordAtNextLogon(DirectoryEntry entry)
{
// MSDN: pswLastSet
// If this value is set to 0 and the User-Account-Control attribute
// does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must
// set the password at the next logon.

if (PasswordNeverExpires(entry))
return false;

Int64 val = 0;

try
{
val = UnboxAdsiInt64(entry.Properties["pwdLastSet"].Value);
}
catch (Exception)
{
val = 0;
}

return (val == 0);
}

public bool PasswordNeverExpires(DirectoryEntry entry)
{
return GetUserAccountControlFlag(entry, ADS_USER_FLAG.ADS_UF_DONT_EXPIRE_PASSWD);
}

public bool GetUserAccountControlFlag(DirectoryEntry entry, ADS_USER_FLAG flag)
{
int userAccountControl = (int)entry.Properties["userAccountControl"].Value;
return (userAccountControl & (int)flag) != 0;
}

///
/// Gets the Password Expiration
/// Date for a domain user
/// Returns MaxValue if never expiring
/// Returns MinValue if user must
/// change password at next logon
///

///
///
public DateTime GetPasswordExpiration(DirectoryEntry user)
{
return new PasswordExpires(GetPolicy()).GetExpiration(user);
}

private DomainPolicy GetPolicy()
{
lock(this)
{
if(_policy == null)
_policy = new DomainPolicy(OpenRootDSE());

return _policy;
}
}

No comments:

Post a Comment