Determining the Password Age from Active Directory


Andy M

I am trying to retrieve the password age from Active Directory using the
classes in System.DirectoryServices. However, when I get that property it
is returning a COM object. What do I need to do with that to get the
password age out?

To be exact the debugger reports the value is a System.__ComObject. If I
drop it into the watch window and expand it out it still gives me no new
information.

What COM interfaces do I have to declare? I have searched all over the
place, MSDN, Google, Google Groups and this seems to be something that
is just swept under the carpet. No one either knows or wants to know.
There are a few VBScripts out there, but that does not really help me.
Or perhaps my search terms are not quite right. I've searched on various
combinations of: LDAP DirectoryServices DirectoryEntry PasswordAge
Active Directory .NET C#

What I am trying to do is authenticate a user as they log in to my
system (as described in How To Use Forms Authentication with Active
Directory
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT02.asp)
and then warn them if their password is about to expire. Perhaps I am
not looking at this from the right angle.

If it helps I wrote a little test app to try some things out. Perhaps
I'm doing something wrong here:
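using System;
using System.Diagnostics;
using System.DirectoryServices;

class PasswordAgeTest
{
    // Placeholders: the post does not show where domain and username are set.
    static string domain = "COMPANY";
    static string username = "someuser";

    static void Main(string[] args)
    {
        string thePath = "LDAP://company.com/DC=company,DC=com";
        string domainAndUsername = domain + @"\" + username;
        Console.Write("Enter Password:");
        string password = Console.ReadLine();
        // Scroll the typed password off the screen
        for (int i = 0; i < 300; i++)
            Console.WriteLine();
        DirectoryEntry entry = new DirectoryEntry(thePath,
            domainAndUsername, password);
        // Reading NativeObject forces the bind, so rejected credentials throw here
        Object obj = entry.NativeObject;
        DirectorySearcher search = new DirectorySearcher(entry);
        // username is concatenated into the LDAP filter unescaped
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        SearchResult result = search.FindOne();
        if (null == result)
        {
            return;
        }
        // Update the new path to the user in the directory
        thePath = result.Path;
        string theFilterAttribute = (string)result.Properties["cn"][0];
        // Enumerate the properties of the domain root entry
        PropertyCollection coll = entry.Properties;
        Console.Write("Number of properties: {0}", coll.Count);
        foreach (string name in coll.PropertyNames)
        {
            PropertyValueCollection pvc = coll[name];
            object val = pvc.Value;
            // For these two attributes val shows up as System.__ComObject
            if ((name == "minPwdAge") || (name == "maxPwdAge"))
                Debugger.Break();
            Console.WriteLine("{0}: {1}", name, val);
        }
        Console.ReadLine();
    }
}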



Cheers,
Andy.
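
The value the test app stops on, worked through as an added example that is not part of the original post: maxPwdAge and pwdLastSet are Large Integer attributes, which DirectoryEntry.Properties surfaces as a COM IADsLargeInteger (the System.__ComObject above), while SearchResult.Properties from a DirectorySearcher returns them as Int64. The class and method names and all sample values are constructed for illustration, and literals stand in for the directory reads so the code runs offline.

```csharp
using System;

static class PasswordExpiry
{
    const int DontExpirePassword = 0x10000; // userAccountControl: ADS_UF_DONT_EXPIRE_PASSWD

    // ADSI returns Large Integer attributes (maxPwdAge, pwdLastSet) as a COM
    // IADsLargeInteger with two 32-bit halves; rebuild the signed 64-bit value.
    public static long FromLargeInteger(int highPart, int lowPart)
    {
        return ((long)highPart << 32) | (uint)lowPart;
    }

    // maxPwdAge: negative count of 100 ns intervals (0 or Int64.MinValue = no expiry).
    // pwdLastSet: FILETIME in UTC (0 = password must be changed at next logon).
    // Returns null if the password never expires, TimeSpan.Zero if it is already due.
    public static TimeSpan? TimeLeft(long maxPwdAge, long pwdLastSet,
                                     int userAccountControl, DateTime nowUtc)
    {
        if (maxPwdAge == 0 || maxPwdAge == long.MinValue) return null;
        if ((userAccountControl & DontExpirePassword) != 0) return null;
        if (pwdLastSet == 0) return TimeSpan.Zero;
        DateTime expires = DateTime.FromFileTimeUtc(pwdLastSet)
                           + TimeSpan.FromTicks(-maxPwdAge);
        TimeSpan left = expires - nowUtc;
        return left > TimeSpan.Zero ? left : TimeSpan.Zero;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values standing in for the directory reads.
        long policy = -TimeSpan.FromDays(42).Ticks;   // a 42-day maxPwdAge
        int high = (int)(policy >> 32);               // what HighPart would hold
        int low = unchecked((int)policy);             // what LowPart would hold
        long pwdLastSet = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        DateTime now = new DateTime(2024, 2, 5, 0, 0, 0, DateTimeKind.Utc);

        long maxPwdAge = PasswordExpiry.FromLargeInteger(high, low);
        TimeSpan? left = PasswordExpiry.TimeLeft(maxPwdAge, pwdLastSet, 0x200, now);
        if (left == null)
            Console.WriteLine("Password does not expire.");
        else if (left.Value < TimeSpan.FromDays(14))   // warning window is an assumption
            Console.WriteLine("Password expires in {0} day(s).", left.Value.Days);
    }
}
```

The domain's maxPwdAge does not reflect a fine-grained password policy applied to the user; on domains that use them, the constructed attribute msDS-UserPasswordExpiryTimeComputed on the user object gives the effective expiry time.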
 