MsFox
asked on
Get the passwordlastchanged property in active directory
Hi,
I really really need an urgent reply so I decided to put this in a separate thread.
How do you search for a user in the active directory tree starting from the root and get the passwordlastchanged property of the user.
Is it possible to search for a user and get the passwordlastchanged property if you only know the domain name?
Thanks for your patience.
I really really need an urgent reply so I decided to put this in a separate thread.
How do you search for a user in the active directory tree starting from the root and get the passwordlastchanged property of the user.
Is it possible to search for a user and get the passwordlastchanged property if you only know the domain name?
Thanks for your patience.
ASKER
Ok, I am able to get the pwdLastset. Thanks for that.
Now I'm getting constraint violation. Do you have any idea what causes this?
Thanks again.
Now I'm getting constraint violation. Do you have any idea what causes this?
Thanks again.
Can you post the code in where the exception gets thrown?
ASKER
I got it during the actual changing of password. In my screen, I've got 3 textboxes for the old password, new password and confirm new password. When the user clicks save button, below is the code for the click event.
rootDSE = New DirectoryEntry(String.Form
AuthenticationTypes.Secure
rootDN = DirectCast(rootDSE.Propert
searchRoot = New DirectoryEntry(String.Form
AuthenticationTypes.Secure
searcher = New DirectorySearcher(searchRo
searcher.Filter = String.Format("sAMAccountN
searcher.SearchScope = SearchScope.Subtree
searcher.CacheResults = False
results = searcher.FindAll
For Each result In results
userEntry = result.GetDirectoryEntry
Exit For
Next result
If userEntry Is Nothing Then
Throw New InvalidOperationException(
End If
userEntry.Invoke("ChangePa
userEntry.CommitChanges()
ChangePassword = True
Catch tie As System.Reflection.TargetIn
Throw tie.InnerException
Catch ce As System.Runtime.InteropServ
Throw ce
Finally
If Not userEntry Is Nothing Then userEntry.Dispose()
If Not results Is Nothing Then results.Dispose()
If Not searcher Is Nothing Then searcher.Dispose()
If Not searchRoot Is Nothing Then searchRoot.Dispose()
If Not rootDSE Is Nothing Then rootDSE.Dispose()
End Try
---
Thanks for any help.
rootDSE = New DirectoryEntry(String.Form
AuthenticationTypes.Secure
rootDN = DirectCast(rootDSE.Propert
searchRoot = New DirectoryEntry(String.Form
AuthenticationTypes.Secure
searcher = New DirectorySearcher(searchRo
searcher.Filter = String.Format("sAMAccountN
searcher.SearchScope = SearchScope.Subtree
searcher.CacheResults = False
results = searcher.FindAll
For Each result In results
userEntry = result.GetDirectoryEntry
Exit For
Next result
If userEntry Is Nothing Then
Throw New InvalidOperationException(
End If
userEntry.Invoke("ChangePa
userEntry.CommitChanges()
ChangePassword = True
Catch tie As System.Reflection.TargetIn
Throw tie.InnerException
Catch ce As System.Runtime.InteropServ
Throw ce
Finally
If Not userEntry Is Nothing Then userEntry.Dispose()
If Not results Is Nothing Then results.Dispose()
If Not searcher Is Nothing Then searcher.Dispose()
If Not searchRoot Is Nothing Then searchRoot.Dispose()
If Not rootDSE Is Nothing Then rootDSE.Dispose()
End Try
---
Thanks for any help.
Can you post the exception stack trace too?
ASKER
Here it is:
A constraint violation occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ
Source Error:
Line 173: Catch tie As System.Reflection.TargetIn
Line 174:
Line 175: Throw tie.InnerException
Line 176:
Line 177: Catch ce As System.Runtime.InteropServ
Source File: C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnec
Stack Trace:
[COMException (0x8007202f): A constraint violation occurred.]
BL_Security.ClientConnect.
ClientConnectv3.ChangePass
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.Page.RaisePo
System.Web.UI.Page.RaisePo
System.Web.UI.Page.Process
A constraint violation occurred.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Runtime.InteropServ
Source Error:
Line 173: Catch tie As System.Reflection.TargetIn
Line 174:
Line 175: Throw tie.InnerException
Line 176:
Line 177: Catch ce As System.Runtime.InteropServ
Source File: C:\Inetpub\wwwroot\Client Connect\Version 3\BL_Security\ClientConnec
Stack Trace:
[COMException (0x8007202f): A constraint violation occurred.]
BL_Security.ClientConnect.
ClientConnectv3.ChangePass
System.Web.UI.WebControls.
System.Web.UI.WebControls.
System.Web.UI.Page.RaisePo
System.Web.UI.Page.RaisePo
System.Web.UI.Page.Process
Sounds like something is wrong with the password. Are you using a password which meets your domain password policy?
ASKER
Yeah, you're right. I am violating our domain password policy.
I've one more related question. Hope I'm not asking too much.
I am able to get the pwdlastSet of any user by just knowing the domain name and the username. But users belongs to different OUs. We have external and internal OUs. How can I determine if the user in question belongs to external or internal OUs?
Thanks heaps.
I've one more related question. Hope I'm not asking too much.
I am able to get the pwdlastSet of any user by just knowing the domain name and the username. But users belongs to different OUs. We have external and internal OUs. How can I determine if the user in question belongs to external or internal OUs?
Thanks heaps.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks henry
PasswordLastChanged is a property member of IADsUser ADSI interface from a COM dll. To use it you need to make an interop assembly from the COM dll. I have a better alternative for you, get pwdLastset attribute from a user object and convert its value to a datetime value.
Take a look at the following PAQ, it has working code to search a user given his user domain id.
https://www.experts-exchange.com/questions/21319791/Get-ActiveDirectory-department-of-connected-user-using-ASP-NET-C.html
With a small modification you can easily get the pwdLastset attribute value, like so
long pwdLastset = 0L;
if ( sr.Properties.Contains("pw
{
pwdLastset = (long) sr.Properties["pwdLastset"
if (pwdLastset > 0)
{
DateTime pwdLastChanged = DateTime.FromFileTime( pwdLastSet );
}
}
Not in all cases pwdLastset returns a non zero value. For more detail info, read this PAQ.
https://www.experts-exchange.com/questions/21038518/Detect-expired-Active-Directry-user-passwords-and-change-via-ASP-NET.html