Setting a user's LastPasswordSet date in Active Directory

Posted 2024-09-02 16:55:48

I want to set the LastPasswordSet attribute of a user in Microsoft Active Directory.

The .NET UserPrincipal API exposes the LastPasswordSet property as readonly.

Is there a way around this, to set the value (perhaps using ADSI)?

Edit:

MSDN provides the following example code:

usr.Properties["pwdLastSet"].Value = -1; // To turn on, set this value to 0.
usr.CommitChanges();

This forces the user to change their password at next logon. I presume if I replace -1 with a date-time in the relevant format, this will do what I want.

It does not, however, show how I get hold of the principal (presumably usr). I'll upvote anything that helps me find this out.

Comments (2)

瑕疵 2024-09-09 16:55:48

Another way would be to perform a search against the AD through the DirectorySearcher class using the login of your users.

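using System;
using System.DirectoryServices;

public DirectoryEntry GetUser(string domain, string loginName) {
    DirectorySearcher ds = new DirectorySearcher();
    ds.SearchRoot = new DirectoryEntry(domain);   // LDAP path of the search root
    ds.SearchScope = SearchScope.Subtree;
    ds.PropertiesToLoad.Add("sAMAccountName");
    ds.PropertiesToLoad.Add("pwdLastSet");
    // The outer "(&" group needs its own closing parenthesis.
    // loginName goes into the filter unescaped; escape * ( ) \ and NUL (RFC 4515) if it can come from user input.
    ds.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))", loginName);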

    SearchResult sr = null;

    try {
        sr = ds.FindOne();
        if (sr == null) return null;
        return sr.GetDirectoryEntry();
    } catch (Exception) {
        throw;
    }
}

Then, when you want to set your PasswordLastSet property, you ensure that the user exists and that there are no spelling mistakes.

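string domain = "LDAP://DC=fabrikam,DC=com"; // placeholder search root; GetUser takes it as its first argument
string loginName = "AstonB1";

using(DirectoryEntry user = GetUser(domain, loginName)) {
    if (user == null) return;

    user.Properties["pwdLastSet"].Value = whatever-format-the-date-should-be; // placeholder from the answer, not valid C#
    user.CommitChanges();
    user.Close();
}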
萌︼了一个春 2024-09-09 16:55:48

Something like this?

var usr = new DirectoryEntry("LDAP://CN=Old User,CN=users,DC=fabrikam,DC=com");
usr.Properties["pwdLastSet"].Value = whatever-format-the-date-should-be;
usr.CommitChanges();

As yet untested.
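
An added example, not code from the question, the answers or MSDN: it gets the DirectoryEntry behind a UserPrincipal (the "usr" the question asks about) through GetUnderlyingObject(), and reads pwdLastSet back with an escaped search filter. It writes only 0 or -1, the two values Active Directory accepts for pwdLastSet over LDAP; the class and method names and the ldapPath parameter are assumptions made for this illustration.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;
static class PwdLastSetExample   // hypothetical helper class for this example
{
    // RFC 4515 escaping, so a login name containing * ( ) \ or NUL
    // cannot change the meaning of the search filter it is placed in.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Reads pwdLastSet via DirectorySearcher. A SearchResult returns it as a long
    // (FILETIME: 100 ns ticks since 1601-01-01 UTC). null = not found or value 0.
    public static DateTime? ReadPwdLastSet(string ldapPath, string loginName)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var ds = new DirectorySearcher(root))
        {
            ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeFilterValue(loginName) + "))";
            ds.PropertiesToLoad.Add("pwdLastSet");
            SearchResult sr = ds.FindOne();
            if (sr == null || sr.Properties["pwdLastSet"].Count == 0) return null;
            long ticks = (long)sr.Properties["pwdLastSet"][0];
            return ticks == 0 ? (DateTime?)null : DateTime.FromFileTimeUtc(ticks);
        }
    }

    // Writes pwdLastSet through the DirectoryEntry behind a UserPrincipal.
    // forceChange = true  -> 0  (user must change the password at next logon)
    // forceChange = false -> -1 (the domain controller stamps the current time)
    public static bool WritePwdLastSet(string loginName, bool forceChange)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, loginName))
        {
            if (user == null) return false;   // no such account
            var entry = (DirectoryEntry)user.GetUnderlyingObject();
            entry.Properties["pwdLastSet"].Value = forceChange ? 0 : -1;
            entry.CommitChanges();
            return true;
        }
    }
}
```

Writing -1 restarts the account's password-age clock without a password change, so modifications to pwdLastSet are worth including in directory change auditing.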
