
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1597

Get the passwordlastchanged property in active directory


I really really need an urgent reply so I decided to put this in a separate thread.

How do you search for a user in the Active Directory tree starting from the root and get the passwordlastchanged property of the user?

Is it possible to search for a user and get the passwordlastchanged property if you only know the domain name?

Thanks for your patience.
1 Solution

PasswordLastChanged is a property member of the IADsUser ADSI interface from a COM DLL. To use it you need to make an interop assembly from the COM DLL. I have a better alternative for you: get the pwdLastSet attribute from a user object and convert its value to a DateTime value.

Take a look at the following PAQ, it has working code to search for a user given his user domain id.

With a small modification you can easily get the pwdLastSet attribute value, like so:

      // sr is the SearchResult returned by the DirectorySearcher
      long pwdLastSet = 0L;
      DateTime? pwdLastChanged = null;
      if (sr.Properties.Contains("pwdLastSet"))
      {
            pwdLastSet = (long) sr.Properties["pwdLastSet"][0];
            // 0 means no timestamp is stored, so there is nothing to convert
            if (pwdLastSet > 0)
                  pwdLastChanged = DateTime.FromFileTime(pwdLastSet);
      }

pwdLastSet does not return a non-zero value in all cases. For more detailed info, read this PAQ.
MsFoxAuthor Commented:
Ok, I am able to get the pwdLastset. Thanks for that.

Now I'm getting a constraint violation. Do you have any idea what causes this?

Thanks again.
Can you post the code where the exception gets thrown?
MsFoxAuthor Commented:
I got it during the actual changing of the password. In my screen, I've got 3 textboxes for the old password, new password and confirm new password. When the user clicks the save button, below is the code for the click event.

        Try
            ' Bind to rootDSE with the user's current credentials to find the domain root.
            ' (The constructor argument after oldPassword is cut off in the post.)
            rootDSE = New DirectoryEntry(String.Format("LDAP://{0}/rootDSE", dcDNS), userName, oldPassword)
            rootDN = DirectCast(rootDSE.Properties("defaultNamingContext").Value, String)

            ' Search the whole domain for the account. (Same cut-off argument as above.)
            searchRoot = New DirectoryEntry(String.Format("LDAP://{0}/{1}", dcDNS, rootDN), userName, oldPassword)
            searcher = New DirectorySearcher(searchRoot)
            searcher.Filter = String.Format("sAMAccountName={0}", userName)
            searcher.SearchScope = SearchScope.Subtree
            searcher.CacheResults = False
            results = searcher.FindAll

            ' Take the first match only.
            For Each result In results
                userEntry = result.GetDirectoryEntry
                Exit For
            Next result

            If userEntry Is Nothing Then
                Throw New InvalidOperationException("User not found in the domain")
            End If

            userEntry.Invoke("ChangePassword", New Object() {oldPassword, newPassword})

            ChangePassword = True

        Catch tie As System.Reflection.TargetInvocationException
            ' Invoke wraps the underlying COM error; surface the inner exception.
            Throw tie.InnerException
        Catch ce As System.Runtime.InteropServices.COMException
            Throw ce
        Finally
            ' Release the directory objects whether or not the change succeeded.
            If Not userEntry Is Nothing Then userEntry.Dispose()
            If Not results Is Nothing Then results.Dispose()
            If Not searcher Is Nothing Then searcher.Dispose()
            If Not searchRoot Is Nothing Then searchRoot.Dispose()
            If Not rootDSE Is Nothing Then rootDSE.Dispose()
        End Try

Thanks for any help.
Can you post the exception stack trace too?
MsFoxAuthor Commented:
Here it is:

A constraint violation occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: A constraint violation occurred.

Source Error:

Line 173:        Catch tie As System.Reflection.TargetInvocationException
Line 174:
Line 175:            Throw tie.InnerException
Line 176:
Line 177:        Catch ce As System.Runtime.InteropServices.COMException

Source File: C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnect.vb    Line: 175

Stack Trace:

[COMException (0x8007202f): A constraint violation occurred.]
   BL_Security.ClientConnect.ChangePassword(String userName, String oldPassword, String newPassword) in C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnect.vb:175
   ClientConnectv3.ChangePassword.cmdSave_Click(Object sender, EventArgs e) in C:\Inetpub\wwwroot\ClientConnectv3\Pages\ChangePassword.aspx.vb:63
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain() +1277


Sounds like something is wrong with the password. Are you using a password which meets your domain password policy?
MsFoxAuthor Commented:
Yeah, you're right. I am violating our domain password policy.

I've one more related question.  Hope I'm not asking too much.

I am able to get the pwdLastSet of any user by just knowing the domain name and the username. But users belong to different OUs. We have external and internal OUs. How can I determine if the user in question belongs to external or internal OUs?

Thanks heaps.
When you make a query or bind to your Active Directory server, it will respond with some information. Check the "distinguishedName" attribute from the user object to determine its parent container.
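
The distinguishedName check suggested above, as an added C# example that is not part of the original thread: it splits the DN into RDNs (keeping escaped commas such as "CN=Smith\, John" in one piece), returns the parent container, and tests for an ancestor OU. The sample DN and the OU names "External" and "Internal" are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class DnContainer
{
    // Split a distinguishedName into its RDNs. A backslash escapes the next
    // character, so "CN=Smith\, John" stays one RDN; Split(',') would break it.
    public static List<string> SplitDn(string dn)
    {
        var rdns = new List<string>();
        var cur = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length) cur.Append(c).Append(dn[++i]);
            else if (c == ',') { rdns.Add(cur.ToString()); cur.Length = 0; }
            else cur.Append(c);
        }
        rdns.Add(cur.ToString());
        return rdns;
    }

    // Parent container = the DN with its first (leftmost) RDN removed.
    public static string ParentContainer(string dn)
    {
        List<string> rdns = SplitDn(dn);
        return string.Join(",", rdns.GetRange(1, rdns.Count - 1).ToArray());
    }

    // True when any ancestor RDN is OU=<ouName>. The object's own RDN is
    // skipped so an object that is itself named like the OU does not match.
    public static bool IsUnderOu(string dn, string ouName)
    {
        List<string> rdns = SplitDn(dn);
        for (int i = 1; i < rdns.Count; i++)
            if (string.Equals(rdns[i], "OU=" + ouName, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    static void Main()
    {
        // Constructed sample DN; "External" and "Internal" are assumed OU names.
        string dn = @"CN=Smith\, John,OU=Contractors,OU=External,DC=corp,DC=example";
        Console.WriteLine(ParentContainer(dn));
        Console.WriteLine(IsUnderOu(dn, "External"));
        Console.WriteLine(IsUnderOu(dn, "Internal"));
    }
}
```

With a live directory, the input would be the "distinguishedName" value read from the same search result that supplies pwdLastSet.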
MsFoxAuthor Commented:
Thanks henry
