1

ActiveDirectory内のユーザーのpassowrd有効期限を計算するのが好きです

MaxPWdAge属性とLastPwdSet属性を取得できます。

しかし、問題は、テスト目的でユーザーの1人のパスワードを変更するときはいつでも、lastPwdSetが更新されず、古い日付が表示されたままになることです。

なぜこれが起こるのか誰か教えてもらえますか?

public bool CheckPassWordExpiryDate(string LdapPath, string Username, string Password)
        {
            DomainConfiguration domainConfig = new DomainConfiguration();
            // Configuration(web.config) changes
            DirectoryEntry de = new DirectoryEntry("LDAP://" + LdapPath, domainConfig.UserName, domainConfig.Password);
            DirectoryEntry entry = new DirectoryEntry();
            entry.Username = Username;
            entry.Password = Password;

            //Function to get maximum password age from the active directory
            int maxPwdAge = GetMaxPasswordAge(); 

            // Function to get last password set date for the use.
            DateTime pwdLastSet = GetPwdLastSet("pwdLastSet", Username);

            //Add maximum password age days to Last password set days , if it is less than today's date means that password has been expired else it is not expired
            if (pwdLastSet.AddDays(maxPwdAge) < DateTime.Now)
            {
                return true;
            }
            else
            {
                return false;
            }
        }

        public static int GetMaxPasswordAge()
        {
            DomainConfiguration domainConfig = new DomainConfiguration();
            using (new SPMonitoredScope("AD Properties"))
            {
                using (DirectoryEntry domain = new DirectoryEntry("LDAP://" + domainConfig.DomainName, domainConfig.UserName, domainConfig.Password))
                {
                    DirectorySearcher ds = new DirectorySearcher(
                        domain,
                        "(objectClass=*)",
                        null,
                        SearchScope.Base
                        );

                    SearchResult sr = ds.FindOne();
                    TimeSpan maxPwdAge = TimeSpan.MinValue;
                    if (sr.Properties.Contains("maxPwdAge"))
                        maxPwdAge = TimeSpan.FromTicks((long)sr.Properties["maxPwdAge"][0]);
                    return maxPwdAge.Duration().Days;
                }
            }
        }
        public DateTime GetPwdLastSet(string attr, string UserName)
        {

            DomainConfiguration domainConfig = new DomainConfiguration();
            using (new SPMonitoredScope("AD Properties"))
            {
                using (DirectoryEntry domain = new DirectoryEntry("LDAP://" + domainConfig.DomainName, domainConfig.UserName, domainConfig.Password))
                {
                    //DirectorySearcher searcher = new DirectorySearcher(domain, "(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=builtinDomain)(objectClass=domainDNS))");
                    DirectorySearcher searcher = new DirectorySearcher(domain);
                    searcher.PageSize = 1000;
                    searcher.Filter = "(SAMAccountName='" + UserName + "')";
                    searcher.Filter = "(|(objectCategory=group)(objectCategory=person))";
                    var user = searcher.FindOne();
                    DateTime pwdLastSet = DateTime.FromFileTime((Int64)user.Properties["PwdLastSet"][0]);
                    return pwdLastSet;
                }
            }
        }
    } }
4

0 に答える 0