Detect if User Must Reset Password In Active Directory Using C#

In Active Directory, if a user's account is disabled and then enabled, by default, the user must change their password on first login. I am struggling to be able to detect this programmatically using C#. Is there a property that is set or something along those lines if a user must reset their property?

Say I have a DirectoryEntry object pointing to a user:

DirectoryEntry user = ...

Is there a property that I can use:

user.Properties[someProperty];

The condition is stored in two attributes:

  • pwdLastSet: If the value is set to 0 ...
  • userAccountControl: and the UF_DONT_EXPIRE_PASSWD flag is not set.

From here.

Here is what I wrote to do this. Not exactly answering your question but useful to others who read it later.

The important bits are from PrincipalContext on. All the stuff above that is just how I tried to always get the AdName back with the exact correct capitalization.

Note this is just the code to do the first answer, test LastPasswordSet using a user principal instead of a DE.

Eric-

    private bool TestAdShouldChangePassword( string adUser )
    {
        try
        {
            string adName = "";
            MembershipUser mu = Membership.GetUser( adUser );

            if ( mu != null )
            {
                IStudentPortalLoginBLL splBll = ObjectFactory.GetInstance< IStudentPortalLoginBLL >();
                adName = splBll.GetCleanAdName( adUser ); // I wrote this; it just pulls out the name and fixes the capitalization - EWB

                // Both objects hold directory handles, so dispose them when done.
                using ( PrincipalContext pctx = new PrincipalContext( System.DirectoryServices.AccountManagement.ContextType.Domain ) )
                using ( UserPrincipal p = UserPrincipal.FindByIdentity( pctx, adName ) )
                {
                    if ( p == null )
                        return false;

                    // No LastPasswordSet value and the password is allowed to expire:
                    // the user must change the password at next logon.
                    if ( p.LastPasswordSet.HasValue == false && p.PasswordNeverExpires == false )
                    {
                        return true;
                    }
                }
            }
        }
        catch ( MultipleMatchesException mmex )
        {
            log.Error( "TestAdShouldChangePassword( ad user = '" + adUser + "' ) - Exception finding user, can't determine if ad says to change password, returning false : Ex = " + mmex.ToString() );
        }

        return false;
    }

Was able to get it using the following code:


        // UF_DONT_EXPIRE_PASSWD bit of userAccountControl
        private const int UF_DONT_EXPIRE_PASSWD = 0x00010000;

        public bool PasswordRequiresChanged(string userName)
        {
            DirectoryEntry user = GetUser(userName); // A directory entry pointing to the user
            Int64 pls;
            int uac;

            if (user != null && user.Properties["pwdLastSet"] != null && user.Properties["pwdLastSet"].Value != null)
            {
                pls = ConvertADSLargeIntegerToInt64(user.Properties["pwdLastSet"].Value);
            }
            else
            {
                throw new Exception("Could not determine if password needs reset");
            }

            if (user != null && user.Properties["UserAccountControl"] != null && user.Properties["UserAccountControl"].Value != null)
            {
                uac = (int)user.Properties["UserAccountControl"].Value;
            }
            else
            {
                throw new Exception("Could not determine if password needs reset");
            }

            // Must change: pwdLastSet is 0 and the password is allowed to expire.
            return (pls == 0) && ((uac & UF_DONT_EXPIRE_PASSWD) == 0);
        }

        private static Int64 ConvertADSLargeIntegerToInt64(object adsLargeInteger)
        {
            // DirectoryEntry returns pwdLastSet as a COM large-integer object; read its two 32-bit halves via late binding.
            var highPart = (Int32)adsLargeInteger.GetType().InvokeMember("HighPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
            var lowPart = (Int32)adsLargeInteger.GetType().InvokeMember("LowPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
            // LowPart holds the unsigned low 32 bits; go through UInt32 so a set top bit is not sign-extended.
            return ((Int64)highPart << 32) + (UInt32)lowPart;
        }

    var username = "radmin";
    var adContext = new PrincipalContext(ContextType.Domain, adLocation, adContainer, adAdminUsername, adAdminPassword);
    var user = UserPrincipal.FindByIdentity(adContext, username);
    Console.WriteLine(user.LastPasswordSet);

If LastPasswordSet has a null value, the "user must change password at next logon".
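
The two-attribute condition from the answers above (pwdLastSet equal to 0 with UF_DONT_EXPIRE_PASSWD clear), as an added example that is not part of the original posts. It reads both attributes through DirectorySearcher, which returns pwdLastSet as an Int64 so no large-integer conversion is needed, and escapes the account name before it goes into the LDAP filter. The class and method names are hypothetical and the values in Main are constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class PasswordChangeCheck   // hypothetical name, not from the thread
{
    const int UF_DONT_EXPIRE_PASSWD = 0x00010000;

    // The condition from the thread, over the two raw attribute values.
    public static bool MustChange(long pwdLastSet, int userAccountControl)
    {
        return pwdLastSet == 0 && (userAccountControl & UF_DONT_EXPIRE_PASSWD) == 0;
    }

    // RFC 4515 escaping so the account name cannot change the filter's structure.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Returns null when the account is not found or an attribute was not returned.
    public static bool? MustChange(string samAccountName)
    {
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeFilterValue(samAccountName) + "))";
        using (var searcher = new DirectorySearcher(filter,
                   new[] { "pwdLastSet", "userAccountControl" }))
        {
            SearchResult r = searcher.FindOne();   // searches the current domain
            if (r == null || !r.Properties.Contains("pwdLastSet")
                          || !r.Properties.Contains("userAccountControl"))
                return null;
            return MustChange((long)r.Properties["pwdLastSet"][0], (int)r.Properties["userAccountControl"][0]);
        }
    }

    static void Main(string[] args)
    {
        // Constructed values: 0x200 is a normal account, 0x10200 adds UF_DONT_EXPIRE_PASSWD.
        Console.WriteLine(MustChange(0L, 0x200));
        Console.WriteLine(MustChange(0L, 0x10200));
        Console.WriteLine(MustChange(133500000000000000L, 0x200));
        if (args.Length == 1)   // optional live lookup when run on a domain-joined machine
            Console.WriteLine(MustChange(args[0]));
    }
}
```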
