
Setting Active Directory Account Expiration with LDAP and C#

I want to set a new user's account to expire 90 days from when it is created. Here is my code to create the user and set everything up. Everything works except for the last block, where I am trying to set it to expire.

            DirectoryEntry newUser = dirEntry.Children.Add("CN=" + cnUser, "user");
            newUser.Properties["samAccountName"].Value = cnUser;
            newUser.Properties["userPrincipalName"].Value = cnUser;
            newUser.Properties["pwdLastSet"].Value = 0;
            newUser.CommitChanges();

            //Changes Password
            String passwrd = userPassword.ToString();
            newUser.Invoke("SetPassword", new object[] { passwrd });
            newUser.CommitChanges();

            //Sets user account to change password on next login
            newUser.Properties["pwdLastSet"].Value = 0;
            newUser.CommitChanges();

            //Enables account
            newUser.Properties["userAccountControl"].Value = (int)newUser.Properties["userAccountControl"].Value & ~0x2;
            newUser.CommitChanges();

            //Set the account to expire in 90 days
            var dt1 = DateTime.Today.AddDays(90);
            newUser.Properties["accountExpires"].Value = dt1.ToFileTime().ToString();
            newUser.CommitChanges();

Any suggestions on how to get this working?

Thanks

See the documentation about this field. You'll need to convert that to "ticks":

the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) indicates that the account never expires.

new DateTime(DateTime.UtcNow.AddDays(90).Ticks - new DateTime(1601, 1, 1).Ticks) will get you the correct and exact value.

You can check your work (manually) by getting the value from the above expression and executing:

    w32tm.exe /ntte 130149277684873234

The result of the above command for me was:

    150635 17:42:48.4873234 - 6/5/2013 12:42:48 PM

Or you could do:

    DateTime expire = System.DateTime.Now.AddDays(90);
    newUser.Properties["accountExpires"].Value = Convert.ToString((Int64)expire.ToFileTime());
    newUser.CommitChanges();

This is a bit easier to deal with than messing with ticks and all that.

Reference: https://msdn.microsoft.com/en-us/library/ms180914(v=vs.80).aspx

    // Use the DirectoryEntry.InvokeSet method to invoke the AccountExpirationDate property setter.
    System.DirectoryServices.DirectoryEntry dirEntryLocalMachine =
        new System.DirectoryServices.DirectoryEntry("WinNT://" + Environment.MachineName + "/" + userID);

    dirEntryLocalMachine.InvokeSet("AccountExpirationDate", new object[] { new DateTime(2005, 12, 29) });

    // Commit the changes.
    dirEntryLocalMachine.CommitChanges();
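
The conversion discussed in the answers above, as an added example that is not part of the original posts: it encodes an expiry as an accountExpires value, decodes a stored value for verification, and handles the two "never expires" sentinels explicitly. The class and method names are hypothetical.

```csharp
using System;

// Added example: AccountExpiry and its methods are hypothetical names, not from the posts.
public static class AccountExpiry
{
    // accountExpires sentinels meaning "never expires" (both quoted in the answer above).
    private const long NeverZero = 0;
    private const long NeverMax = long.MaxValue; // 0x7FFFFFFFFFFFFFFF

    // Encode an expiry instant as the string assigned to accountExpires in the posts above.
    public static string ToAccountExpires(DateTime expiry)
    {
        // An Unspecified kind is read as local by ToFileTime() but as UTC by
        // ToFileTimeUtc(), so reject it rather than guess the intended instant.
        if (expiry.Kind == DateTimeKind.Unspecified)
            throw new ArgumentException("Use a Utc or Local DateTime.", nameof(expiry));
        // 100-nanosecond intervals since 1601-01-01 UTC.
        return expiry.ToFileTimeUtc().ToString();
    }

    // Decode a stored accountExpires value; null means the account never expires.
    public static DateTime? FromAccountExpires(long raw)
    {
        if (raw == NeverZero || raw == NeverMax)
            return null;
        return DateTime.FromFileTimeUtc(raw);
    }

    public static void Main()
    {
        // Value taken from the w32tm check on this page.
        DateTime? decoded = FromAccountExpires(130149277684873234);
        Console.WriteLine(decoded?.ToString("o") ?? "never");

        // 90 days from now, computed in UTC, then decoded again as a check.
        string value = ToAccountExpires(DateTime.UtcNow.AddDays(90));
        DateTime? roundTrip = FromAccountExpires(long.Parse(value));
        Console.WriteLine(value + " -> " + (roundTrip?.ToString("o") ?? "never"));

        // Both sentinels decode to "never" instead of throwing or showing a bogus date.
        Console.WriteLine(FromAccountExpires(0)?.ToString("o") ?? "never");
        Console.WriteLine(FromAccountExpires(long.MaxValue)?.ToString("o") ?? "never");
    }
}
```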
