Can't get AD Attribute using DirectoryEntry (LAPS Attribute)

I'm having this issue where I can't retrieve an AD attribute via DirectoryEntry. I can get it via DirectorySearcher, but I'm unable to get or set it via DirectoryEntry.

The attribute needed is ms-Mcs-AdmPwdExpirationTime, which contains an NT TimeStamp. I have read and write to this attribute.

DirectoryEntry C# error in console

Error HRESULT E_FAIL has been returned from a call to a COM component

I've tried using the following, yet I'm still unable to retrieve the attribute.

RefreshCache (string[] propertyNames);

EDIT:

ComputerPrincipal comp = ComputerPrincipal.FindByIdentity(ctx, MachineName);
DirectoryEntry de = (DirectoryEntry)comp.GetUnderlyingObject();
if (de.Properties.Contains("ms-Mcs-AdmPwd") == true)
{
    string Password = (String)de.Properties["ms-Mcs-AdmPwd"][0];
    Password_Input.Text = Password;
    DateTime NTTime = DateTime.FromFileTime(ConvertLargeIntegerToLong(de.Properties["ms-Mcs-AdmPwdExpirationTime"].Value));
    PasswordExpiry_Value.Text = NTTime.ToString("dd/MM/yyyy hh:mm:ss");
    Console.WriteLine();
}
else
{
    Password_Input.Text = "Password not set by LAPS";
}
// down the bottom of the .cs
private static long ConvertLargeIntegerToLong(object largeInteger)
{
    var type = largeInteger.GetType();
    var highPart = Convert.ToInt32(type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null));
    var lowPart = Convert.ToInt32(type.InvokeMember("LowPart", BindingFlags.GetProperty, null, largeInteger, null));
    return (long)highPart << 32 | (uint)lowPart;
}

For setting properties in the past I've used this for directory entries

Path is the full LDAP path to the object but you can substitute de in your example above. Hopefully that's enough to resolve your issue or at least point you in a direction.

There's also some other answers here on why you might be getting that error.

And here

public Boolean set_AD_property(string attribute_, string new_value)
{
    this.AD_object = new DirectoryEntry(this.path_);
    this.AD_object.Properties[attribute_].Value = new_value;
    try
    {
        this.AD_object.CommitChanges();
        this.AD_object.Close();
        return true;
    }
    catch (System.Exception)
    {
        return false;
    }
}

And for reading:

public object get_AD_property(string attribute_)
{
    try
    {
        using (this.AD_object = new DirectoryEntry(this.path_))
        {
            return this.AD_object.Properties[attribute_].Value;
        }
    }
    catch (ArgumentNullException x)
    {
        return new ArgumentNullException(x.Message, x);
    }
}

Although this won't work for more complex properties like "members" or "memberOf".
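The DirectorySearcher route that the question says works, as an added example that is not part of the question or the answer: a base-scope search hands back ms-Mcs-AdmPwdExpirationTime as an Int64, so the HighPart/LowPart reflection is not needed on that path. The class and method names, the placeholder DN and the sample value are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;

// Added example; LapsExpiryReader, ToUtc and ReadExpiryUtc are hypothetical names.
public static class LapsExpiryReader
{
    private const string ExpiryAttribute = "ms-Mcs-AdmPwdExpirationTime";

    // DirectorySearcher marshals large-integer attributes as Int64 (a FILETIME
    // tick count), unlike DirectoryEntry, which returns a COM IADsLargeInteger.
    public static DateTime? ToUtc(object raw)
    {
        // Reject missing, non-positive and out-of-range values instead of throwing.
        if (raw is long fileTime && fileTime > 0
            && fileTime <= DateTime.MaxValue.ToFileTimeUtc())
        {
            return DateTime.FromFileTimeUtc(fileTime);
        }
        return null;
    }

    // computerDn is the distinguished name of the computer object.
    public static DateTime? ReadExpiryUtc(string computerDn)
    {
        using (var root = new DirectoryEntry("LDAP://" + computerDn))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.Base;      // only this object
            searcher.PropertiesToLoad.Add(ExpiryAttribute);

            SearchResult result = searcher.FindOne();
            // The attribute is absent when it was never set or when the
            // caller has no read permission on it.
            if (result == null || !result.Properties.Contains(ExpiryAttribute))
                return null;
            return ToUtc(result.Properties[ExpiryAttribute][0]);
        }
    }

    public static void Main()
    {
        // Constructed sample: 132223104000000000 is 2020-01-01 00:00:00 UTC.
        Console.WriteLine(ToUtc(132223104000000000L)?.ToString("u"));
        Console.WriteLine(ToUtc(null).HasValue);          // False: nothing to convert
        // Against a domain: ReadExpiryUtc("<computer distinguished name>")
    }
}
```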
