Get the passwordlastchanged property in active directory

Posted on 2005-03-03
Medium Priority
Last Modified: 2008-01-09

I really really need an urgent reply so I decided to put this in a separate thread.

How do you search for a user in the active directory tree starting from the root and get the passwordlastchanged property of the user.

Is it possible to search for a user and get the passwordlastchanged property if you only know the domain name?

Thanks for your patience.
Question by:MsFox
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
LVL 20

Expert Comment

ID: 13457937

PasswordLastChanged is a property member of IADsUser ADSI interface from a COM dll. To use it you need to make an interop assembly from the COM dll. I have a better alternative for you, get pwdLastset attribute from a user object and convert its value to a datetime value.

Take a look at the following PAQ, it has working code to search a user given his user domain id.

With a small modification you can easily get the pwdLastset attribute value, like so

long pwdLastset = 0L;
if ( sr.Properties.Contains("pwdLastset") )
      pwdLastset = (long) sr.Properties["pwdLastset"][0];
      if (pwdLastset > 0)
      DateTime pwdLastChanged = DateTime.FromFileTime( pwdLastSet );

Not in all cases pwdLastset returns a non zero value. For more detail info, read this PAQ.

Author Comment

ID: 13540532
Ok, I am able to get the pwdLastset.   Thanks for that.

Now I'm getting constraint violation.  Do you have any idea what causes this?

Thanks again.
LVL 20

Expert Comment

ID: 13542625
Can you post the code in where the exception gets thrown?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 13550032
I got it during the actual  changing of password. In my screen, I've got 3 textboxes for the old password, new password and confirm new password.  When the user clicks save button, below is the code for the click event.

rootDSE = New DirectoryEntry(String.Format("LDAP://{0}/rootDSE", dcDNS), userName, oldPassword, _

            rootDN = DirectCast(rootDSE.Properties("defaultNamingContext").Value, String)

            searchRoot = New DirectoryEntry(String.Format("LDAP://{0}/{1}", dcDNS, rootDN), userName, oldPassword, _

            searcher = New DirectorySearcher(searchRoot)

            searcher.Filter = String.Format("sAMAccountName={0}", userName)

            searcher.SearchScope = SearchScope.Subtree

            searcher.CacheResults = False

            results = searcher.FindAll

            For Each result In results

                userEntry = result.GetDirectoryEntry

                Exit For

            Next result

            If userEntry Is Nothing Then

                Throw New InvalidOperationException("User not found in the domain")

            End If

            userEntry.Invoke("ChangePassword", New Object() {oldPassword, newPassword})


            ChangePassword = True

        Catch tie As System.Reflection.TargetInvocationException

            Throw tie.InnerException

        Catch ce As System.Runtime.InteropServices.COMException

            Throw ce


            If Not userEntry Is Nothing Then userEntry.Dispose()

            If Not results Is Nothing Then results.Dispose()

            If Not searcher Is Nothing Then searcher.Dispose()

            If Not searchRoot Is Nothing Then searchRoot.Dispose()

            If Not rootDSE Is Nothing Then rootDSE.Dispose()

        End Try

Thanks for any help.
LVL 20

Expert Comment

ID: 13550889
Can you post the exception stack trace too?

Author Comment

ID: 13551063
Here it is:

A constraint violation occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: A constraint violation occurred.

Source Error:

Line 173:        Catch tie As System.Reflection.TargetInvocationException
Line 174:
Line 175:            Throw tie.InnerException
Line 176:
Line 177:        Catch ce As System.Runtime.InteropServices.COMException

Source File: C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnect.vb    Line: 175

Stack Trace:

[COMException (0x8007202f): A constraint violation occurred.]
   BL_Security.ClientConnect.ChangePassword(String userName, String oldPassword, String newPassword) in C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnect.vb:175
   ClientConnectv3.ChangePassword.cmdSave_Click(Object sender, EventArgs e) in C:\Inetpub\wwwroot\ClientConnectv3\Pages\ChangePassword.aspx.vb:63
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
   System.Web.UI.Page.ProcessRequestMain() +1277

LVL 20

Expert Comment

ID: 13554508

Sounds like something is wrong with the password. Are you using a password which meets your domain password policy?

Author Comment

ID: 13571660
Yeah, you're right.  I am violating our domain password policy.  

I've one more related question.  Hope I'm not asking too much.

I am able to get the pwdlastSet of any user by just knowing the domain name and the username.  But users belongs to different OUs.  We have external and internal OUs.  How can I determine if the user in question belongs to external or internal OUs?

Thanks heaps.
LVL 20

Accepted Solution

ihenry earned 500 total points
ID: 13572371
when you make a query or bind to your active directory server, it will response you back with some information. Check "distinguishedName" attribute from the user object to determine its parent container.

Author Comment

ID: 13650075
Thanks henry

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question