Mike H. - Another Geek In Need...

UserMustChangePassword flag – Directory Services C# Programming

During some development on a specific screen that allows users to set specific AD properties, one requirement was the ability to force the user to change their password when the user next logged on.

This was not particularly straightforward. After several different scenarios – I resolved the setting and reading of the property. When that user’s record is read from AD I set a check box on the screen indicating whether or not this flag is set. The following code snippets show how to set the flag to TRUE, and how to read whether it is set.

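// Requires a reference to System.DirectoryServices (using System.DirectoryServices;)

DirectoryEntry userEntry = new DirectoryEntry("LDAP://developer.hamilton.com/CN=Mike Hamilton,OU=Accounts,OU=Developers,DC=developer,DC=hamilton,DC=com");

// Writing 0 to pwdLastSet forces a password change at the next logon
userEntry.Properties["pwdLastSet"].Value = 0;

userEntry.CommitChanges();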

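Setting the flag to TRUE is actually that simple. Remember, your user path object may be different from the one in this example. Now, we want to determine if this flag is set!

// IADsLargeInteger comes from the Active DS Type Library COM reference (using ActiveDs;)

System.Int64 largeInt = 0;

IADsLargeInteger int64Val = (IADsLargeInteger)userEntry.Properties["pwdLastSet"].Value;

// LowPart is a signed int; cast it to uint so a set high bit is not sign-extended into the upper 32 bits
largeInt = ((long)int64Val.HighPart << 32) | (uint)int64Val.LowPart;

CheckBox1.Checked = (bool)(largeInt==0);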

How did I figure this out? It wasn't by myself - trust me :)

The following link was very helpful in figuring out how to read the property - understanding that it was a 64-bit integer that was marshalled by the DirectoryEntry class was the part that was not intuitive.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/large_integer_property_type.asp
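
The 64-bit decoding described above, shown as an added example that is not the author's code and needs no AD connection to run. The class and method names are hypothetical and the HighPart/LowPart pairs are constructed sample values; it compares the HighPart * 0x100000000 + LowPart formula with a decode that treats LowPart as unsigned.

```csharp
using System;

// Added example: helper names and sample values are constructed for illustration.
static class PwdLastSet
{
    // Multiply-and-add formula: LowPart is a signed int, so it is sign-extended
    // (and effectively subtracts 2^32) whenever its high bit is set.
    public static long DecodeNaive(int highPart, int lowPart)
    {
        return highPart * 0x100000000 + lowPart;
    }

    // Treat LowPart as unsigned so the two halves combine into the real 64-bit value.
    public static long Decode(int highPart, int lowPart)
    {
        return ((long)highPart << 32) | (uint)lowPart;
    }

    // 0 means "user must change password at next logon"; any other value is a
    // Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
    public static string Describe(long pwdLastSet)
    {
        if (pwdLastSet == 0) return "must change password at next logon";
        return "password last set " + DateTime.FromFileTimeUtc(pwdLastSet).ToString("u");
    }

    static void Main()
    {
        // Constructed (HighPart, LowPart) pairs, shaped like IADsLargeInteger values.
        int[][] samples = {
            new[] { 0, 0 },                                   // flag set
            new[] { 0x01C5D56F, 0x12345678 },                 // LowPart high bit clear
            new[] { 0x01C5D56F, unchecked((int)0x92345678) }  // LowPart high bit set
        };
        foreach (int[] s in samples)
        {
            long good = Decode(s[0], s[1]);
            long naive = DecodeNaive(s[0], s[1]);
            Console.WriteLine("{0:X8}:{1:X8} -> {2}", s[0], s[1], Describe(good));
            if (naive != good)
                Console.WriteLine("  naive formula is off by {0} ticks (~{1:F0} s)",
                    good - naive, (good - naive) / 1e7);
        }
    }
}
```

Both formulas agree when the value is 0, so the must-change-password check is unaffected; the difference only shows up when the decoded value is used as a timestamp.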

Many thanks to Joe Kaplan for his help.

Hopefully someone will find this helpful.

I am still working on Part 3 of the current series I am posting, and there’s much more to come.

posted on Thursday, October 20, 2005 7:35 AM

Feedback

# re: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To 11/29/2006 4:49 AM Leon Zandman
Why do you cast the expression "(largeInt==0)" to a bool? It is already a bool. You could have done "CheckBox1.Checked = (largeInt==0);". Or am I wrong?

# re: Directory Services Programming in C# - UserMustChangePassword Active Directory Property Setting - How To 8/7/2007 1:24 AM Randy
Neat, I use the A.D. Advantage library to do all my AD tasks (ad-advantage.net) but it's interesting to see how it would have to be done if I ever had to do it manually.
