User Must Change Password At Next Logon - LDAP And .NET


Tamir Khason

The PropertyValueCollection element 0 contains a COM IDispatch Pointer
(__ComObject), use late binding to retrieve the HighPart
and LowPart properties, of the LastLogon Date.
Combine both into a long and pass it to FromFileTime.

Add a reference to activeds.tlb
Try this:

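' Late binding on the COM object below requires Option Strict Off
Imports System
Imports System.DirectoryServices

Dim de As DirectoryEntry = _
    New DirectoryEntry("LDAP://xxxx/CN=Users,DC=xx,DC=yy,DC=zz")
Dim mySearcher As DirectorySearcher = New DirectorySearcher(de)
mySearcher.Filter = "(samAccountName=administrator)"
Dim myResult As SearchResult
myResult = mySearcher.FindOne()
de = New DirectoryEntry(myResult.Path)
Dim pcoll As PropertyCollection = de.Properties
Dim li As LargeInteger ' Type from activeds.tlb (not used by the late-bound calls below)
' Late-bound reference to the COM large-integer object (__ComObject)
Dim oli As Object = pcoll("lastLogon")(0)
' Combine HighPart and LowPart. LowPart is a signed 32-bit value, so mask it
' to keep a negative LowPart from corrupting the 64-bit result.
Dim lDate As Long = (CLng(oli.HighPart) << 32) Or (CLng(oli.LowPart) And &HFFFFFFFFL)
' Convert from FileTime format to DateTime
Console.WriteLine("DATE = {0:D}", DateTime.FromFileTime(lDate))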


I've managed to set the "User Must Change Password At Next Logon" flag on the
LDAP protocol,
using the "pwdLastSet" property, by setting it to "0" (for on) or
"-1" (for off).
The problem is, I don't know how to check the current status of this
user.
When I try to read this property from the user's DirectoryEntry,
I get a "System.ComObject" object, and I can't get any data from this object.
Does anyone have an idea what object this is, or how I can get this value?
Thanks ahead


Arild Bakken

After you create the new user you need to set the password. Assuming your
DirectoryEntry variable representing the user is called "de" you would
simply do:

de.Invoke("SetPassword", "userinitialpassword");

Also note that if the domain is set to a higher security than default you
will need to create the user, set the password and THEN set the
userAccountControl attribute to enable the account (high security will not
allow you to enable a user account with blank passwords).



Hey Tamir,
Thanks for your replies (both in this thread and in the past ones)!
The "LowPart" and "HighPart" methods work great,
but the thing is, when I create a new user, it gets, by default, the "Must
Change Password At Next Logon" flag.
And when I check the LowPart or HighPart at this time, they are both equal to -
Are there some other methods/properties for this object?
Thanks again,



Thanks Arild - when I set the password before I Commit Changes, the "Must
Change Password At Next Logon" flag is set to off!
Thanks to both of you for your help!
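
The status check asked about in this thread, as an added C# example (not code from any of the posters): it reads pwdLastSet through DirectorySearcher, whose SearchResult returns large-integer attributes as a plain Int64, so no COM object is involved. The class and method names, the LDAP path and the account name passed in are hypothetical; ToInt64 is the sign-safe HighPart/LowPart combination for code that reads the value from a DirectoryEntry instead.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class PwdLastSetCheck   // hypothetical helper class, not from the thread
{
    // Join the HighPart/LowPart halves of the COM large integer into an Int64.
    // LowPart is a signed Int32; casting to uint prevents sign extension.
    public static long ToInt64(int highPart, int lowPart)
    {
        return ((long)highPart << 32) | (uint)lowPart;
    }

    // Escape LDAP filter metacharacters (RFC 4515) in the account name.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns true when pwdLastSet is 0 ("must change password at next logon").
    public static bool MustChangePassword(string ldapPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(samAccountName=" + EscapeFilter(samAccountName) + ")";
            searcher.PropertiesToLoad.Add("pwdLastSet");
            SearchResult result = searcher.FindOne();
            if (result == null)
                throw new InvalidOperationException("User not found");
            ResultPropertyValueCollection values = result.Properties["pwdLastSet"];
            // An absent attribute is treated here as "never set" (assumption).
            long pwdLastSet = values.Count > 0 ? (long)values[0] : 0L;
            if (pwdLastSet != 0)
                Console.WriteLine("Password last set: {0:u}",
                    DateTime.FromFileTimeUtc(pwdLastSet));
            return pwdLastSet == 0;
        }
    }
}
```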

