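Detect if User Must Reset Password In Active Directory Using C#
In Active Directory, if a user's account is disabled and then enabled, by default the user must change their password at first login. I am struggling to detect this programmatically using C#. Is there a property that is set, or something along those lines, if the user must reset their property?
Say I have a DirectoryEntry object pointing to a user: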
DirectoryEntry user = ...
Is there a property I can use:
user.Properties[someProperty];
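Here is what I wrote to do this. It doesn't exactly answer your question, but it is useful to others who read this later.
The important part is from PrincipalContext on. Everything above that is just me trying to always get the AdName back with the correct capitalization.
Note that this is just the code doing what the first answer does, testing LastPasswordSet using a user principal rather than a DE.
Eric-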
// Requires: using System.DirectoryServices.AccountManagement; using System.Web.Security;
private bool TestAdShouldChangePassword( string adUser )
{
    try
    {
        string adName = "";
        MembershipUser mu = Membership.GetUser( adUser );
        if ( mu != null )
        {
            IStudentPortalLoginBLL splBll = ObjectFactory.GetInstance< IStudentPortalLoginBLL >();
            adName = splBll.GetCleanAdName( adUser ); // I wrote this; it just pulls out the name and fixes the capitalization - EWB
            PrincipalContext pctx = new PrincipalContext( System.DirectoryServices.AccountManagement.ContextType.Domain );
            UserPrincipal p = UserPrincipal.FindByIdentity( pctx, adName );
            if ( p == null )
                return false;
            // No LastPasswordSet value and the password is allowed to expire:
            // the account is flagged to change its password at next logon.
            if ( p.LastPasswordSet.HasValue == false && p.PasswordNeverExpires == false )
            {
                return true;
            }
        }
    }
    catch ( MultipleMatchesException mmex )
    {
        log.Error ( "TestAdShouldChangePassword( ad user = '" + adUser + "' ) - Exception finding user, can't determine if ad says to change password, returning false : Ex = " + mmex.ToString() );
    }
    return false;
}
I was able to get it using the following code:
public bool PasswordRequiresChanged(string userName)
{
    DirectoryEntry user = GetUser(userName); // A directory entry pointing to the user
    Int64 pls;
    int uac;
    if (user != null && user.Properties["pwdLastSet"] != null && user.Properties["pwdLastSet"].Value != null)
    {
        pls = ConvertADSLargeIntegerToInt64(user.Properties["pwdLastSet"].Value);
    }
    else
    {
        throw new Exception("Could not determine if password needs reset");
    }
    if (user != null && user.Properties["UserAccountControl"] != null && user.Properties["UserAccountControl"].Value != null)
    {
        uac = (int)user.Properties["UserAccountControl"].Value;
    }
    else
    {
        throw new Exception("Could not determine if password needs reset");
    }
    // pwdLastSet == 0 and the "password never expires" bit (0x00010000) is clear
    return (pls == 0) && ((uac & 0x00010000) == 0) ? true : false;
}
private static Int64 ConvertADSLargeIntegerToInt64(object adsLargeInteger)
{
    var highPart = (Int32)adsLargeInteger.GetType().InvokeMember("HighPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
    var lowPart = (Int32)adsLargeInteger.GetType().InvokeMember("LowPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
    // Treat LowPart as unsigned: adding it as a signed Int32 gives a result
    // that is 2^32 too small whenever its top bit is set.
    return highPart * ((Int64)UInt32.MaxValue + 1) + (UInt32)lowPart;
}
var username = "radmin";
var adContext = new PrincipalContext(ContextType.Domain, adLocation, adContainer, adAdminUsername, adAdminPassword);
var user = UserPrincipal.FindByIdentity(adContext, username);
Console.WriteLine(user.LastPasswordSet);
If LastPasswordSet has a null value, then "User must change password at next logon" is set.
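An added example, not part of any answer above: it isolates the decision the answers rely on (pwdLastSet equal to 0 with the "password never expires" bit clear) and the large-integer conversion, so both can be checked without a domain controller. The class and method names are hypothetical and the attribute values are constructed.

```csharp
using System;

static class PwdLastSetCheck   // hypothetical helper, not from the answers above
{
    const int DontExpirePassword = 0x00010000; // the userAccountControl bit masked in the second answer

    // Join the HighPart/LowPart halves of an ADSI large integer. LowPart is
    // reinterpreted as unsigned; adding it as a signed Int32 loses 2^32
    // whenever its top bit is set.
    public static long Combine(int highPart, int lowPart) =>
        ((long)highPart << 32) | (uint)lowPart;

    // The rule from the answers: pwdLastSet == 0 and the password is allowed to expire.
    public static bool MustChangeAtNextLogon(long pwdLastSet, int userAccountControl) =>
        pwdLastSet == 0 && (userAccountControl & DontExpirePassword) == 0;

    // pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC); 0 maps to null,
    // which is the case the third answer describes for LastPasswordSet.
    public static DateTime? LastSetUtc(long pwdLastSet) =>
        pwdLastSet == 0 ? (DateTime?)null : DateTime.FromFileTimeUtc(pwdLastSet);

    static void Main()
    {
        // Constructed sample attribute values, not taken from a real directory.
        var samples = new[]
        {
            (Name: "must-change",   High: 0,          Low: 0,                          Uac: 0x0200),
            (Name: "never-expires", High: 0,          Low: 0,                          Uac: 0x0200 | DontExpirePassword),
            (Name: "already-set",   High: 0x01D9C000, Low: unchecked((int)0x9ABCDEF0), Uac: 0x0200),
        };

        foreach (var s in samples)
        {
            long pls = Combine(s.High, s.Low);
            Console.WriteLine($"{s.Name}: pwdLastSet={pls} lastSet={LastSetUtc(pls)} mustChange={MustChangeAtNextLogon(pls, s.Uac)}");
        }

        // Signed addition, for comparison with Combine on the third sample.
        long naive = 0x01D9C000L * ((long)uint.MaxValue + 1) + unchecked((int)0x9ABCDEF0);
        Console.WriteLine($"signed-add error: {Combine(0x01D9C000, unchecked((int)0x9ABCDEF0)) - naive} ticks");
    }
}
```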