Geeks With Blogs

Mike H. - Another Geek In Need... WebLog

UserMustChangePassword flag – Directory Services C# Programming

 

During some development on a specific screen that allows users to set specific AD properties, one requirement was the ability to force the user to change their password when the user next logged on.

 

This was not particularly straight forward. After several different scenarios – I resolved the setting and reading of the property. When that user’s record is read from AD I set a check box on the screen indicating whether or not this flag is set. The following code snippets show how to set the flag to TRUE, and how to read whether it is set.

 

 

DirectoryEntry userEntry = new DirectoryEntry(“LDAP://developer.hamilton.com/CN=Mike Hamilton,OU=Accounts,OU=Developers,DC=developer,DC=hamilton,DC=com”);

userEntry.Properties[“pwdLastSet”].Value = 0;

userEntry.CommitChanges();

 

Setting the flag to TRUE is actually that simple. Remember, your user path object may be different than the one in this example. Now, we want to determine if this flag is set!

 

System.Int64 largeInt = 0;

IADsLargeInteger int64Val = (IADsLargeInteger)userEntry.Properties["pwdLastSet"].Value;

largeInt = int64Val.HighPart * 0x100000000 + int64Val.LowPart;

CheckBox1.Checked = (bool)(largeInt==0);

 

How did I figure this out? It wasn't by myself - trust me :)

 

The following link was very helpful in figuring out how to read the property - understanding that it was a 64bit Int. that was Marshalled by the DirectoryEntry class was the part that was not intuitive.

 

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/large_integer_property_type.asp

Many thanks to Joe Kaplan for his help.

 

Hopefully someone will find this helpful.

 

I am still working on Part 3 of the current series I am posting, and there’s much more to come.

Posted on Thursday, October 20, 2005 7:35 AM .Net Development | Back to top


Comments on this post: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To

# re: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To
Requesting Gravatar...
Why do you cast the expression "(largeInt==0)" to a bool? It is already a bool. You could have done "CheckBox1.Checked = (largeInt==0);". Or am I wrong?
Left by Leon Zandman on Nov 29, 2006 4:49 AM

# re: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To
Requesting Gravatar...
Neat, I use the A.D. Advantage library to do all my AD tasks (ad-advantage.net) but it's interesting to see how it would have to be done if I ever had to do it manually.
Left by Randy on Aug 07, 2007 1:24 AM

# re: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To
Requesting Gravatar...
ntage library to do all my AD tasks (ad-advantage.net) but it's interesting to see how it would have to be done if I ever
Left by Police Sunglasses 1594 Black on Mar 04, 2011 2:08 AM

Your comment:
 (will show your gravatar)


Copyright © Michael J. Hamilton, Sr. | Powered by: GeeksWithBlogs.net