Detecting with C# whether a user must reset their password in Active Directory

Posted on 2024-12-14 02:46:56 · 302 characters · 1 view · 0 comments

In Active Directory, if a user's account is disabled and then enabled, by default, the user must change their password on first login. I am struggling to be able to detect this programmatically using C#. Is there a property that is set, or something along those lines, if a user must reset their property?

Say I have a DirectoryEntry object pointing to a user:

DirectoryEntry user = ...

Is there a property that I can use:

user.Properties[someProperty];

Comments (4)

剧终人散尽 2024-12-21 02:46:56

The condition is stored in two attributes:

  • pwdLastSet : If the value is set to 0 ...
  • userAccountControl : and the UF_DONT_EXPIRE_PASSWD flag is not set.

From here.

魂ガ小子 2024-12-21 02:46:56

Here is what I wrote to do this. Not exactly answering your question but useful to others who read it later.

The important bits are from PrincipalContext on.
All the stuff above that is just how I tried to always get the AdName back with the exact correct capitalization.

Note this is just the code to do the first answer, testing LastPasswordSet using a user principal instead of a DE.

Eric-

     // Requires: using System.DirectoryServices.AccountManagement; using System.Web.Security;
     // IStudentPortalLoginBLL, ObjectFactory and log come from the poster's own project.
     private bool TestAdShouldChangePassword( string adUser )
     {
         try
         {
             string adName = "";
             MembershipUser mu = Membership.GetUser( adUser );

             if ( mu != null )
             {
                 IStudentPortalLoginBLL splBll = ObjectFactory.GetInstance< IStudentPortalLoginBLL >();
                 adName = splBll.GetCleanAdName( adUser ); // I wrote this; it just pulls out the name and fixes the capitalization - EWB

                 // Both objects are IDisposable, so release the directory connection when done.
                 using ( PrincipalContext pctx = new PrincipalContext( ContextType.Domain ) )
                 using ( UserPrincipal p = UserPrincipal.FindByIdentity( pctx, adName ) )
                 {
                     if ( p == null )
                         return false;

                     // LastPasswordSet has no value when pwdLastSet is 0.
                     if ( p.LastPasswordSet.HasValue == false && p.PasswordNeverExpires == false )
                     {
                         return true;
                     }
                 }
             }
         }
         catch ( MultipleMatchesException mmex )
         {
             log.Error( "TestAdShouldChangePassword( ad user = '" + adUser + "' ) - Exception finding user, can't determine if ad says to change password, returning false : Ex = " + mmex.ToString() );
         }

         return false;
     }

幻梦 2024-12-21 02:46:56

Was able to get it using the following code:


        // Requires: using System; using System.DirectoryServices;
        // GetUser is the poster's own helper; it returns a DirectoryEntry pointing to the user.
        public bool PasswordRequiresChanged(string userName)
        {
            DirectoryEntry user = GetUser(userName);
            Int64 pls;
            int uac;

            if (user != null && user.Properties["pwdLastSet"] != null && user.Properties["pwdLastSet"].Value != null)
            {
                pls = ConvertADSLargeIntegerToInt64(user.Properties["pwdLastSet"].Value);
            }
            else
            {
                throw new Exception("Could not determine if password needs reset");
            }

            if (user != null && user.Properties["UserAccountControl"] != null && user.Properties["UserAccountControl"].Value != null)
            {
                uac = (int)user.Properties["UserAccountControl"].Value;
            }
            else
            {
                throw new Exception("Could not determine if password needs reset");
            }

            // 0x00010000 is the UF_DONT_EXPIRE_PASSWD flag of userAccountControl.
            return (pls == 0) && ((uac & 0x00010000) == 0);
        }

        // pwdLastSet is returned by DirectoryEntry as a COM large-integer object with HighPart and LowPart.
        private static Int64 ConvertADSLargeIntegerToInt64(object adsLargeInteger)
        {
            var highPart = (Int32)adsLargeInteger.GetType().InvokeMember("HighPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
            var lowPart = (Int32)adsLargeInteger.GetType().InvokeMember("LowPart", System.Reflection.BindingFlags.GetProperty, null, adsLargeInteger, null);
            // LowPart holds the low 32 bits but is exposed as a signed Int32; reinterpret it as
            // unsigned so a set top bit is not sign-extended into the high half of the result.
            return ((Int64)highPart << 32) | unchecked((UInt32)lowPart);
        }
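
An added example, not part of the answers on this page and not the posters' code: the same two-attribute test done through DirectorySearcher, where pwdLastSet comes back as a plain Int64 and needs no large-integer conversion, with the account name escaped per RFC 4515 before it goes into the LDAP filter. The class and method names and the searchRoot parameter (a DirectoryEntry bound to the domain or an OU) are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class PasswordChangeCheck   // hypothetical name, not from the page
{
    const int UF_DONT_EXPIRE_PASSWD = 0x00010000;

    // Escape a value for use inside an LDAP search filter (RFC 4515), so a
    // caller-supplied account name cannot change the structure of the filter.
    static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // True when the account is flagged "user must change password at next logon".
    // searchRoot is an assumption: a DirectoryEntry bound to the domain or an OU.
    public static bool MustChangePasswordAtNextLogon(DirectoryEntry searchRoot, string samAccountName)
    {
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeLdapFilterValue(samAccountName) + "))";
        using (var searcher = new DirectorySearcher(searchRoot, filter,
                   new[] { "pwdLastSet", "userAccountControl" }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null)
                throw new ArgumentException("User not found: " + samAccountName);
            if (!result.Properties.Contains("pwdLastSet") || !result.Properties.Contains("userAccountControl"))
                throw new InvalidOperationException("Attributes not readable for " + samAccountName);
            // SearchResult returns large-integer attributes as Int64 and userAccountControl as Int32.
            long pwdLastSet = (long)result.Properties["pwdLastSet"][0];
            int uac = (int)result.Properties["userAccountControl"][0];
            return pwdLastSet == 0 && (uac & UF_DONT_EXPIRE_PASSWD) == 0;
        }
    }
}
```

Throwing when the user or the attributes cannot be read keeps "could not determine" distinct from "no change required", as the answer above also does.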

仅冇旳回忆 2024-12-21 02:46:56

var username = "radmin";
var adContext = new PrincipalContext(ContextType.Domain, adLocation, adContainer, adAdminUsername, adAdminPassword);
var user = UserPrincipal.FindByIdentity(adContext, username);
Console.WriteLine(user.LastPasswordSet);

If LastPasswordSet has a null value, the "user must change password at next logon".
