I have searched the site for information and found this:
ASP.NET C# Active Directory – See how long before a user’s password expires
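which explains how to get the value of when the password expires as per the domain policy.
My question is this: what if the user has an OU Group Policy with a different MaxPasswordAge value that overrides the one specified in the Domain Group Policy? How do I programmatically get the OU's Group Policy Object?
Edit: To make this question a little clearer, I am adding this edit. What I am after is being able to tell the user when their password expires. As far as I understand, that date value can be governed either by the domain's local policy or by a group object policy. I have a Linq2DirectoryService provider that translates Linq to LDAP queries, so an LDAP query to get the expiration date value would be optimal for this subject. If your answer includes which object wrappers supported by .NET are involved in this equation, it would be a dead-on answer!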
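Solution
Let me start with
http://support.microsoft.com/kb/323750, which contains Visual Basic and VBScript examples, and
http://www.anitkb.com/2010/03/how-to-implement-active-directory.html, which outlines how the maxPwdAge OU setting impacts computers and not users. It also has a comment pointing to
AloInfo.exe as a tool from MS that can be used to get password ages.
Here is the example: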
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;

namespace LDAP
{
    class Program
    {
        static void Main(string[] args)
        {
            string domainAndUsername = string.Empty;
            string domain = string.Empty;
            string userName = string.Empty;
            string passWord = string.Empty;
            AuthenticationTypes at = AuthenticationTypes.Anonymous;
            StringBuilder sb = new StringBuilder();

            domain = @"LDAP://w.x.y.z";
            // Both parts are verbatim strings so the escaped comma (\,)
            // inside the CN reaches the directory unchanged.
            domainAndUsername = @"LDAP://w.x.y.z/cn=Lawrence E." +
                                @" Smithmier\,Jr.,cn=Users,dc=corp," +
                                "dc=productiveedge,dc=com";
            userName = "Administrator";
            passWord = "xxxpasswordxxx";
            at = AuthenticationTypes.Secure;

            // Bind to the domain and read the domain-wide maxPwdAge.
            DirectoryEntry entry = new DirectoryEntry(
                domain, userName, passWord, at);
            DirectorySearcher mySearcher = new DirectorySearcher(entry);
            SearchResultCollection results;
            string filter = "maxPwdAge=*";
            mySearcher.Filter = filter;
            results = mySearcher.FindAll();

            long maxDays = 0;
            if (results.Count >= 1)
            {
                // maxPwdAge is a negative count of 100-ns intervals;
                // dividing by -864000000000 converts it to days.
                Int64 maxPwdAge = (Int64)results[0].Properties["maxPwdAge"][0];
                maxDays = maxPwdAge / -864000000000;
            }

            // Bind to the user object with the same credentials
            // (DirectoryEntry has no (path, AuthenticationTypes) constructor).
            DirectoryEntry entryUser = new DirectoryEntry(
                domainAndUsername, userName, passWord, at);
            mySearcher = new DirectorySearcher(entryUser);
            results = mySearcher.FindAll();

            long daysLeft = 0;
            if (results.Count >= 1)
            {
                // pwdLastSet is a Windows file time (100-ns intervals since 1601).
                var lastChanged = results[0].Properties["pwdLastSet"][0];
                daysLeft = maxDays - DateTime.Today.Subtract(
                    DateTime.FromFileTime((long)lastChanged)).Days;
            }

            Console.WriteLine(
                String.Format("You must change your password within" +
                              " {0} days", daysLeft));
            Console.ReadLine();
        }
    }
}
```
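The calculation in the answer above assumes every account has a finite maxPwdAge and a non-zero pwdLastSet. The following added example (not part of the original answer) isolates the date arithmetic as a pure function over raw attribute values and handles the cases where no expiry applies. Checking the `userAccountControl` attribute, the class and method names, and the sample values are assumptions introduced here.

```csharp
using System;

// Added example: pure calculation over raw attribute values, no directory access.
static class PasswordExpiry
{
    const int DontExpirePassword = 0x10000;   // userAccountControl flag ADS_UF_DONT_EXPIRE_PASSWD
    const long TicksPerDay = 864000000000;    // 100-ns intervals per day, as in the answer

    // Returns the UTC expiry time, or null when the password does not expire.
    // mustChangeNow is set when pwdLastSet is 0 (change required at next logon).
    public static DateTime? GetExpiry(long maxPwdAge, long pwdLastSet,
                                      int userAccountControl, out bool mustChangeNow)
    {
        mustChangeNow = false;

        // Per-account override: the password never expires regardless of domain policy.
        if ((userAccountControl & DontExpirePassword) != 0) return null;

        // maxPwdAge is a negative interval; 0 or Int64.MinValue means "no maximum age".
        if (maxPwdAge == 0 || maxPwdAge == long.MinValue) return null;

        if (pwdLastSet == 0) { mustChangeNow = true; return DateTime.UtcNow; }

        // Negate the interval and add it to the time the password was last set.
        return DateTime.FromFileTimeUtc(pwdLastSet).AddTicks(-maxPwdAge);
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        long maxPwdAge = -42 * TicksPerDay;   // 42-day policy
        long lastSet = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        const int normalAccount = 0x200;      // ADS_UF_NORMAL_ACCOUNT

        bool mustChange;
        DateTime? expiry = GetExpiry(maxPwdAge, lastSet, normalAccount, out mustChange);
        Console.WriteLine("Normal account expires: {0:u}", expiry);

        expiry = GetExpiry(maxPwdAge, lastSet, normalAccount | DontExpirePassword, out mustChange);
        Console.WriteLine("Flagged account expires: {0}",
                          expiry.HasValue ? expiry.Value.ToString("u") : "never");

        expiry = GetExpiry(maxPwdAge, 0, normalAccount, out mustChange);
        Console.WriteLine("pwdLastSet=0 must change now: {0}", mustChange);
    }
}
```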