
我想计算活动目录中用户的密码到期日期。

我能够获得 MaxPWdAge 和 LastPwdSet 属性。

但问题是,每当我出于测试目的更改某个用户的密码时,lastPwdSet 并没有更新,仍然显示旧日期。

谁能告诉我为什么会这样?

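/// <summary>
/// Reports whether the given user's password is older than the domain's maximum password age.
/// </summary>
/// <param name="LdapPath">Not used by the check; kept so existing callers keep compiling.</param>
/// <param name="Username">Account name passed to <c>GetPwdLastSet</c> to look up the user.</param>
/// <param name="Password">Not used by the check; kept so existing callers keep compiling.</param>
/// <returns><c>true</c> when the password is expired or must be changed, otherwise <c>false</c>.</returns>
/// <remarks>
/// Only the domain-wide maxPwdAge is consulted. Fine-grained password policies and the per-account
/// "password never expires" flag are not evaluated here; if either is in use, reading the computed
/// attribute msDS-UserPasswordExpiryTimeComputed is likely more accurate (TODO confirm for this domain).
/// </remarks>
public bool CheckPassWordExpiryDate(string LdapPath, string Username, string Password)
        {
            // The original built two DirectoryEntry objects here that were never used or disposed.
            // One of them held the caller's plaintext password for no purpose, so both are gone:
            // the check needs only the two directory reads below.

            // Maximum password age in whole days, read from the domain object.
            int maxPwdAge = GetMaxPasswordAge();

            // Time the user's password was last set, as a local DateTime.
            DateTime pwdLastSet = GetPwdLastSet("pwdLastSet", Username);

            // A stored pwdLastSet of 0 means "user must change password at next logon".
            // Test it first so the no-expiry branch below cannot hide it.
            if (pwdLastSet.ToFileTime() == 0L)
            {
                return true;
            }

            // A maximum age of zero days means the domain policy does not expire passwords.
            // Without this branch AddDays(0) would report every password as expired.
            if (maxPwdAge <= 0)
            {
                return false;
            }

            // Expired when last-set plus the maximum age is already in the past.
            return pwdLastSet.AddDays(maxPwdAge) < DateTime.Now;
        }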

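        /// <summary>
        /// Reads the domain-wide maximum password age from the domain object and returns it in whole days.
        /// </summary>
        /// <returns>
        /// The maximum password age in days. 0 means the policy sets no maximum age (passwords do not
        /// expire); callers must not treat 0 as "expired immediately".
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The domain object or its maxPwdAge attribute could not be read. The method throws rather than
        /// guessing a policy, so an expiry check built on it fails closed.
        /// </exception>
        public static int GetMaxPasswordAge()
        {
            DomainConfiguration domainConfig = new DomainConfiguration();
            using (new SPMonitoredScope("AD Properties"))
            using (DirectoryEntry domain = new DirectoryEntry("LDAP://" + domainConfig.DomainName, domainConfig.UserName, domainConfig.Password))
            using (DirectorySearcher ds = new DirectorySearcher(domain, "(objectClass=*)", new[] { "maxPwdAge" }, SearchScope.Base))
            {
                // Base-scope search: reads the domain object itself and requests only maxPwdAge.
                SearchResult sr = ds.FindOne();
                if (sr == null || !sr.Properties.Contains("maxPwdAge") || sr.Properties["maxPwdAge"].Count == 0)
                {
                    // Previously this path ended in a NullReferenceException or an OverflowException
                    // from TimeSpan.MinValue.Duration(); report the real cause instead.
                    throw new InvalidOperationException("The maxPwdAge attribute could not be read from the domain object.");
                }

                // The value is a (normally negative) interval in 100-nanosecond ticks.
                long ticks = (long)sr.Properties["maxPwdAge"][0];

                // long.MinValue is the directory's "never expires" marker; Duration() would overflow on it.
                if (ticks == long.MinValue)
                {
                    return 0;
                }

                return TimeSpan.FromTicks(ticks).Duration().Days;
            }
        }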
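        /// <summary>
        /// Looks up one user by sAMAccountName and returns when that user's password was last set.
        /// </summary>
        /// <param name="attr">Not used; the method always reads pwdLastSet. Kept for existing callers.</param>
        /// <param name="UserName">sAMAccountName of the user to look up.</param>
        /// <returns>The pwdLastSet value converted to a local <see cref="DateTime"/>.</returns>
        /// <exception cref="ArgumentException"><paramref name="UserName"/> is null or empty.</exception>
        /// <exception cref="InvalidOperationException">No matching user was found, or pwdLastSet was not returned.</exception>
        /// <remarks>
        /// The original assigned <c>searcher.Filter</c> twice, so the user-name filter was overwritten by
        /// "(|(objectCategory=group)(objectCategory=person))" and FindOne returned the first group or person
        /// in the domain. That is why the reported date never followed a password change on the test user.
        /// The value is read from whichever domain controller the bind reaches, so a very recent change
        /// made on another controller may not be visible yet (replication delay is assumed, not shown here).
        /// </remarks>
        public DateTime GetPwdLastSet(string attr, string UserName)
        {
            if (string.IsNullOrEmpty(UserName))
            {
                throw new ArgumentException("A user name is required.", "UserName");
            }

            // Escape LDAP filter metacharacters (RFC 4515) so the caller-supplied name cannot change
            // the shape of the filter. The backslash must be replaced first.
            string escapedName = UserName
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            DomainConfiguration domainConfig = new DomainConfiguration();
            using (new SPMonitoredScope("AD Properties"))
            using (DirectoryEntry domain = new DirectoryEntry("LDAP://" + domainConfig.DomainName, domainConfig.UserName, domainConfig.Password))
            using (DirectorySearcher searcher = new DirectorySearcher(domain))
            {
                // One filter that matches exactly the requested user account. LDAP filter values are
                // not quoted; the original's single quotes would have been matched literally.
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + escapedName + "))";

                // Request only the attribute that is read below.
                searcher.PropertiesToLoad.Add("pwdLastSet");

                SearchResult user = searcher.FindOne();
                if (user == null || !user.Properties.Contains("pwdLastSet") || user.Properties["pwdLastSet"].Count == 0)
                {
                    throw new InvalidOperationException("The user was not found or its pwdLastSet attribute could not be read.");
                }

                // pwdLastSet is a Windows file time (100-nanosecond intervals since 1601-01-01 UTC).
                return DateTime.FromFileTime((Int64)user.Properties["pwdLastSet"][0]);
            }
        }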
    } }