0

We're trying to implement a Password Expiration handling mechanism in a ASP.NET MVC app using Active Directory for authorization, and we need access to Maximum Password Age value to provide a correct expiration period. However, we've not been able to access the value/property via these instructions (or similar approaches), using the DirectoryEntry API:

How can I get 'minimum password age' of user in active directory using asp.net?

Determine the maximum password age in Active Directory

In each case we simply get a NULL value for property maxPwdAge. We also query for MaxPwdAge, MaxPasswordAge, and MaximumPasswordAge (some sources suggested different property names). We also searched against different domain objects, namely the root container and the Users container to no avail.

Is there any way to find the Maximum Password Age programmatically using the DirectoryEntry API. Or alternatively, the PrincipalContext API?

4

1 回答 1

1

So, AD allows fine grained password policies. This means that max age can vary by user depending upon the configuration of the directory. Further, there are a couple of ways to configure this (using the newer FGPP mechanism or the older per-domain policy mechanism).

Brian's advice from this post should get you going.

于 2012-12-07T23:46:44.367 回答