User Must Change Password At Next Logon - LDAP And .NET

T

Tamir Khason

The PropertyValueCollection element 0 contains a COM IDispatch Pointer
(__ComObject), use late binding to retrieve the HighPart
and LowPart properties, of the LastLogon Date.
Combine both into a long and pass it to FromFileTime.

Add a reference to activeds.tlb
Try this:

Dim de As DirectoryEntry = _
New DirectoryEntry("LDAP://xxxx/CN=Users,DC=xx,DC=yy,DC=zz")
Dim mySearcher as DirectorySearcher = new DirectorySearcher(de)
mySearcher.Filter = "(samAccountName=administrator)"
mySearcher.PropertiesToLoad.Add("samAccountName")
mySearcher.PropertiesToLoad.Add("lastLogon")
Dim myResult as SearchResult
myResult = mySearcher.FindOne()
de = new DirectoryEntry(myResult.Path)
Dim pcoll as PropertyCollection = de.Properties
Dim li as LargeInteger
Dim oli as object = pcoll("lastLogon")(0) ' Set object reference to
ILargeInteger
Dim lDate as Long = (oli.HighPart * &h100000000) + oli.LowPart 'Combine
LowPart and HighPart
Console.WriteLine("DATE = {0:D}" ,DateTime.FromFileTime(lDate)) 'Convert
from FileTime foramt to DateTime
 
R

Ram

Hey,
I'v managed to set the "User Must Change Password At Next Logon" flag on the
LDAP protocol,
Using the - "pwdLastSet" property - by setting it to - "0" (for on) or -
"-1" (for off).
The problem is, I dont know how to check what's the current status of this
user -
When I try and read this property from the user's DirectoryEntry,
I get a "System.ComObject" object, and I cant get any data from this object.
Does Anyone has an idea what object is this, or how can I get this value
otherwise?
Thanks ahead

--Ram
 
A

Arild Bakken

After you create the new user you need to set the password. Assuming your
DirectoryEntry variable representing the user is called "de" you would
simple do:

de.Invoke("SetPassword", "userinitialpassword");

Also note that if the domain is set to a higher security than default you
will need to create the user, set the password and THEN set the
userAccountControl attribute to enable the account (high security will not
allow you to enable a user account with blank passwords)

Arild
 
R

Ram

Hey Tamir,
Thanks for your replies (both in this thread and in the past ones)!
The - "LowPart" and "HighPart" methods work great,
But the thing is, when I create a new user, it gets - by default - the "Must
Change Password At Next Logon" flag.
And when I check the LowPart or HighPart at this time, they both equles to -
0.
Are there some other methods/properties for this object?
Thanks again,

--Ram
 
R

Ram

Thanks Arild - when I set the password before I Commit Changes, the - "Must
Change Password At Next Logon" flag is set to off!
Thanks for both of you for your help!

--Ram
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Slow ActiveDirectory responses 1
How can i connect LDAP and query AD to authorize Domain User Name and Password? 0
Changing Password to an account that has to change password at first logon using System.DirectorySer 10
lastLogonTimestamp 7
System.Byte[] And System.__ComObject in Active Directory LDAP brow 0
Visual Basic 2008 and Active Directory computer descriptionmodifications 2
ADODB OleDbDataAdapter different count of rows from Active Directory 0
User tokenGroups -> All Groups? Help!! 4

Top