使用C＃登录到Active Directory

Question

I am wondering how to set the Logon Count in Active Directory (AD) from C#. Currently, I have a library that checks to see if a specific user is in AD based on username and password, but when I look at that user in AD Explorer, I don't see the logon count number getting bigger (from 1 to 2 and so on).

I am assuming that I need to access a 'Logon' method from C# in order to do this, but I don't see a method like that in any of the DirectoryServices (as well as AccountManagement) methods.

Any suggestions?

Thank you, Tim

Answer 1

Have you checked all your domain controllers? Per the documentation of that attribute:

This attribute is not replicated and is maintained on each domain controller in the domain. To get an accurate value for the user's total number of successful logon attempts in the domain, each domain controller in the domain must be queried and the sum of the values should be used. Keep in mind that the attribute is not replicated, therefore domain controllers that are retired may have counted logons for the user as well, and these will be missing from the count.

edit: I guess it depends on how you're testing the user name and password. In one of my applications I check the U/P in fashion similar to this.

NetworkCredential credentials = new NetworkCredential(userName, password, domain);
        LdapDirectoryIdentifier id = new LdapDirectoryIdentifier(domain);
        using (LdapConnection connection = new LdapConnection(id, credentials, AuthType.Kerberos))
        {
            connection.SessionOptions.Sealing = true;
            connection.SessionOptions.Signing = true;

            try
            {
                connection.Bind();
            }
            catch (LdapException lEx)
            {
                if (ERROR_LOGON_FAILURE == lEx.ErrorCode)
                {
                    return false;
                }
                throw;
            }

        }
        return true;

Which after several attempts didn't seem to increment the logon counter on the DC I was hitting.

However, when I used this method

using (PrincipalContext pc = new PrincipalContext(ContextType.Domain))
        {
            bool authenticated;
            authenticated = pc.ValidateCredentials(userName, password);
            if (authenticated)
            {
                return true;
            }
            else
            {
                return false;
            }
        }

It did increment it. At least after a couple tries. We have a bunch of DCs here and I don't know how to target a specific one.