Password Last Set Time incorrect - Active Directory

I have a method that allows me to set a users active directory password by passing in their username as a variable. after setting the password, i am checking to see if more than 5 minutes have passed before allowing another password reset.
if(DateTime.Now.Subtract(PasswordLastSet).TotalMinutes > 5)

Open in new window


this is where my issue occurs. after adding a break point and running debug, i noticed that my password last set time, is 5 hours in the future. how can i correct this?

Cheers,
Brendan
public void ModifyUser(string username)
        {
            string sPwd = SetSecurePassword();
            
            DirectoryEntry entry = GetDirectoryEntry();
            DirectorySearcher search = new DirectorySearcher(entry);
            search.Filter = "(SAMAccountName=" + username + ")";

            SearchResult sResult = search.FindOne();
            if (sResult != null)
            {
                try
                {
                    DirectoryEntry updateEntry = sResult.GetDirectoryEntry();
                    updateEntry.Invoke("SetPassword", new object[] { sPwd });
                    updateEntry.CommitChanges();
                    updateEntry.Close();
                    passWord = sPwd.ToString();

                }


                catch (Exception ex)
                {
                    lblErrorMessage.Text = ex.ToString();
                }
            }

Open in new window

brendanlefavreAsked:
Who is Participating?
 
Carlos VillegasConnect With a Mentor Full Stack .NET DeveloperCommented:
Well... then try with:
if(DateTime.UtcNow.Subtract(PasswordLastSet).TotalMinutes > 5)

Open in new window


DateTime.UtcNow
0
 
Kamal KhaleefaInformation Security SpecialistCommented:
make sure when you update your password you are inserting the correct time to the database
also make sure your machine and the server(active directory) are having the same corrct time
0
 
brendanlefavreAuthor Commented:
I'm using ActiveDirectoryServices.AccountManage to return a user principal object. when i look at the LastPasswordSet property that is returned, it shows that it's using UTC instead of local time. This would explain the 5 hour difference.

How can I configure my app to work around this?
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
Carlos VillegasFull Stack .NET DeveloperCommented:
Hi, did you try DateTime.ToLocalTime() method?:

if(DateTime.Now.Subtract(PasswordLastSet.ToLocalTime()).TotalMinutes > 5)

Open in new window

0
 
brendanlefavreAuthor Commented:
i'm stll getting the time returned as UTC when I use the .ToLocalTime as suggested.

I am displaying the results using
lblPasswordLastSet.Text = PasswordLastSet.ToString();

Open in new window


I have added the code that I am using to return the PassWordLastSet object
public UserPrincipal GetUser(string sUserName)
    {
        PrincipalContext oPrincipalContext = GetPrincipalContext();

        UserPrincipal oUserPrincipal =
           UserPrincipal.FindByIdentity(oPrincipalContext, sUserName);
        if (oUserPrincipal != null)
        {
            BuildUser(oUserPrincipal);
        }
        return oUserPrincipal;
    }

        private void BuildUser(UserPrincipal user)
    {
        //Populate the user with items available in the UserPrincipal object
        if (user != null)
        {
            if (user.LastPasswordSet.HasValue)
            this.PasswordLastSet = (DateTime)user.LastPasswordSet;
        }
    }

Open in new window

0
 
Carlos VillegasFull Stack .NET DeveloperCommented:
And if that fails, then try this (the problem is I dont know if really your LastPasswordSet var has an Utc time zone defined):
if(DateTime.UtcNow.Subtract(DateTime.SpecifyKind(PasswordLastSet, DateTimeKind.Utc)).TotalMinutes > 5)

Open in new window

0
 
brendanlefavreAuthor Commented:
Thank you for your assistance.

Your solution helped me achieve exactly what I was trying to accomplish.

It makes more sense to just check the total time against UTC instead of converting it to local time. This way if there are users across multiple time zones, the results will be the same.

cheers,
Brendan
0
 
Carlos VillegasFull Stack .NET DeveloperCommented:
You can get that info by using:
string infoPasswordLastSet = new DateTimeOffset(PasswordLastSet).ToString();

Open in new window


It will return a date time string with it time zone offset.
0
 
Carlos VillegasFull Stack .NET DeveloperCommented:
Good to know bro
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.