User Must Change Password At Next Logon - LDAP And .NET

  • Thread starter Thread starter Tamir Khason
  • Start date Start date
T

Tamir Khason

The PropertyValueCollection element 0 contains a COM IDispatch Pointer
(__ComObject), use late binding to retrieve the HighPart
and LowPart properties, of the LastLogon Date.
Combine both into a long and pass it to FromFileTime.

Add a reference to activeds.tlb
Try this:

Dim de As DirectoryEntry = _
New DirectoryEntry("LDAP://xxxx/CN=Users,DC=xx,DC=yy,DC=zz")
Dim mySearcher as DirectorySearcher = new DirectorySearcher(de)
mySearcher.Filter = "(samAccountName=administrator)"
mySearcher.PropertiesToLoad.Add("samAccountName")
mySearcher.PropertiesToLoad.Add("lastLogon")
Dim myResult as SearchResult
myResult = mySearcher.FindOne()
de = new DirectoryEntry(myResult.Path)
Dim pcoll as PropertyCollection = de.Properties
Dim li as LargeInteger
Dim oli as object = pcoll("lastLogon")(0) ' Set object reference to
ILargeInteger
Dim lDate as Long = (oli.HighPart * &h100000000) + oli.LowPart 'Combine
LowPart and HighPart
Console.WriteLine("DATE = {0:D}" ,DateTime.FromFileTime(lDate)) 'Convert
from FileTime foramt to DateTime
 
Hey,
I'v managed to set the "User Must Change Password At Next Logon" flag on the
LDAP protocol,
Using the - "pwdLastSet" property - by setting it to - "0" (for on) or -
"-1" (for off).
The problem is, I dont know how to check what's the current status of this
user -
When I try and read this property from the user's DirectoryEntry,
I get a "System.ComObject" object, and I cant get any data from this object.
Does Anyone has an idea what object is this, or how can I get this value
otherwise?
Thanks ahead

--Ram
 
After you create the new user you need to set the password. Assuming your
DirectoryEntry variable representing the user is called "de" you would
simple do:

de.Invoke("SetPassword", "userinitialpassword");

Also note that if the domain is set to a higher security than default you
will need to create the user, set the password and THEN set the
userAccountControl attribute to enable the account (high security will not
allow you to enable a user account with blank passwords)

Arild
 
Hey Tamir,
Thanks for your replies (both in this thread and in the past ones)!
The - "LowPart" and "HighPart" methods work great,
But the thing is, when I create a new user, it gets - by default - the "Must
Change Password At Next Logon" flag.
And when I check the LowPart or HighPart at this time, they both equles to -
0.
Are there some other methods/properties for this object?
Thanks again,

--Ram
 
Thanks Arild - when I set the password before I Commit Changes, the - "Must
Change Password At Next Logon" flag is set to off!
Thanks for both of you for your help!

--Ram
 
Back
Top