C# -- Active Directory -- accountExpires 属性读取不正确
我正在开发一个列出活动目录用户的许多属性的工具。目前,我可以通过向 lastPasswordSet 属性添加 90 天(典型策略)来显示过期日期。但是,某些帐户设置为永不过期。
我做了一些研究并发现,如果该属性在转换为长整数时等于 9223372036854775807 则密码永远不会过期(至少我被告知)。
我遇到的问题是我查找的每个帐户的 accountExpires 值都是 9223372036854775807 。我有 Microsoft AD 工具,可以验证哪些帐户实际上设置为永不过期,哪些帐户将在 90 天后过期。我不确定我做错了什么:
public bool doesPWExpire(string userDN)
{
DirectoryEntry ent = new DirectoryEntry(userDN);
//get account expires property
LargeInteger passChanged = ent.Properties["accountExpires"].Value as LargeInteger;
//convert to data type long
long int64Value = (long)((uint)passChanged.LowPart | (((long)passChanged.HighPart) << 32));
if (int64Value == 9223372036854775807)
{
return false;
}
else
{
return true;
}
}
I am working on a tool that lists a number of properties of an active directory user. Currently I can show expiration date by adding 90 days (typical policy) to the lastPasswordSet property. However, some accounts are setup to never expire.
I've done some research and figured out that if the property, when converted to a long integer, equals 9223372036854775807 than the password never expires (or so I'm told).
The problem I'm having is that EVERY account I lookup has 9223372036854775807 as the accountExpires value. I have the microsoft AD tool and can verify which accounts are actually set to never expire and which ones expire in 90 days. I'm not sure what I'm doing wrong:
public bool doesPWExpire(string userDN)
{
DirectoryEntry ent = new DirectoryEntry(userDN);
//get account expires property
LargeInteger passChanged = ent.Properties["accountExpires"].Value as LargeInteger;
//convert to data type long
long int64Value = (long)((uint)passChanged.LowPart | (((long)passChanged.HighPart) << 32));
if (int64Value == 9223372036854775807)
{
return false;
}
else
{
return true;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你正在变长。MaxValue,“从不”的一个很好的值。您的代码不一致,您正在读取“accountExpires”属性,但分配给名为“passChanged”的变量。这表明您实际上想要读取与密码相关的属性。如“maxPwdAge”和“PasswordLastChanged”。帐户通常不会过期,但密码会过期。
You are getting long.MaxValue, a good value for "never". Your code is inconsistent, you are reading the "accountExpires" property but assigning to a variable named "passChanged". Which suggests that you actually want to read a password related property. Like "maxPwdAge" and "PasswordLastChanged". Accounts don't usually expire, passwords do.
我想
DateTime expiry = DateTime.FromFileTime((int)ent.Properties["accountExpires"].Value)会为你解决问题I imagine
DateTime expiry = DateTime.FromFileTime((int)ent.Properties["accountExpires"].Value)will do the trick for you