Password Last Set Time incorrect - Active Directory

brendanlefavre
Last Modified: 2012-05-11
I have a method that allows me to set a user's Active Directory password by passing in their username as a variable. After setting the password, I am checking to see if more than 5 minutes have passed before allowing another password reset.
if(DateTime.Now.Subtract(PasswordLastSet).TotalMinutes > 5)

This is where my issue occurs. After adding a breakpoint and running debug, I noticed that my password last set time is 5 hours in the future. How can I correct this?

Cheers,
Brendan
public void ModifyUser(string username)
{
    string sPwd = SetSecurePassword();

    DirectoryEntry entry = GetDirectoryEntry();
    DirectorySearcher search = new DirectorySearcher(entry);
    // NOTE: username is concatenated into the LDAP filter as-is; escape LDAP
    // filter metacharacters (RFC 4515) in it before building the filter.
    search.Filter = "(SAMAccountName=" + username + ")";

    SearchResult sResult = search.FindOne();
    if (sResult != null)
    {
        try
        {
            DirectoryEntry updateEntry = sResult.GetDirectoryEntry();
            // Setting the password also updates the account's last-set timestamp
            updateEntry.Invoke("SetPassword", new object[] { sPwd });
            updateEntry.CommitChanges();
            updateEntry.Close();
            passWord = sPwd.ToString();
        }
        catch (Exception ex)
        {
            // Shows the full exception text in the page label
            lblErrorMessage.Text = ex.ToString();
        }
    }
}


Kamal Khaleefa, Information Security Specialist

Commented:
Make sure that when you update your password you are inserting the correct time into the database.
Also make sure your machine and the server (Active Directory) have the same correct time.

Author

Commented:
I'm using ActiveDirectoryServices.AccountManage to return a user principal object. When I look at the LastPasswordSet property that is returned, it shows that it's using UTC instead of local time. This would explain the 5 hour difference.

How can I configure my app to work around this?

Carlos Villegas, Full Stack .NET Developer

Commented:
Hi, did you try the DateTime.ToLocalTime() method?

if(DateTime.Now.Subtract(PasswordLastSet.ToLocalTime()).TotalMinutes > 5)


Author

Commented:
I'm still getting the time returned as UTC when I use the .ToLocalTime as suggested.

I am displaying the results using
lblPasswordLastSet.Text = PasswordLastSet.ToString();

I have added the code that I am using to return the PassWordLastSet object:
public UserPrincipal GetUser(string sUserName)
{
    PrincipalContext oPrincipalContext = GetPrincipalContext();

    UserPrincipal oUserPrincipal =
        UserPrincipal.FindByIdentity(oPrincipalContext, sUserName);
    if (oUserPrincipal != null)
    {
        BuildUser(oUserPrincipal);
    }
    return oUserPrincipal;
}

private void BuildUser(UserPrincipal user)
{
    // Populate the user with items available in the UserPrincipal object
    if (user != null)
    {
        // LastPasswordSet is a nullable DateTime; copy it only when a value is present
        if (user.LastPasswordSet.HasValue)
        {
            this.PasswordLastSet = user.LastPasswordSet.Value;
        }
    }
}

Carlos Villegas, Full Stack .NET Developer

Commented:
And if that fails, then try this (the problem is I don't know if your LastPasswordSet var really has a UTC time zone defined):
if(DateTime.UtcNow.Subtract(DateTime.SpecifyKind(PasswordLastSet, DateTimeKind.Utc)).TotalMinutes > 5)


Author

Commented:
Thank you for your assistance.

Your solution helped me achieve exactly what I was trying to accomplish.

It makes more sense to just check the total time against UTC instead of converting it to local time. This way if there are users across multiple time zones, the results will be the same.

cheers,
Brendan

Carlos Villegas, Full Stack .NET Developer

Commented:
You can get that info by using:
string infoPasswordLastSet = new DateTimeOffset(PasswordLastSet).ToString();

It will return a date time string with its time zone offset.

Carlos Villegas, Full Stack .NET Developer

Commented:
Good to know bro
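
The UTC-to-UTC comparison the thread settles on, written out as an added example (not code from any poster in this thread). It also denies the reset when the stored time lies in the future, which is the state the original local-time check was in. `ResetThrottle`, `ToUtc`, `CanReset` and the sample timestamps are hypothetical, and treating an `Unspecified` value as already-UTC is an assumption.

```csharp
using System;

static class ResetThrottle
{
    // The thread's policy: at most one reset every 5 minutes.
    static readonly TimeSpan Cooldown = TimeSpan.FromMinutes(5);

    // Bring a timestamp to UTC whatever its Kind is.
    // Assumption: an Unspecified value came from the directory and is already UTC.
    static DateTime ToUtc(DateTime value)
    {
        switch (value.Kind)
        {
            case DateTimeKind.Utc: return value;
            case DateTimeKind.Local: return value.ToUniversalTime();
            default: return DateTime.SpecifyKind(value, DateTimeKind.Utc);
        }
    }

    // True when another reset may proceed. utcNow is a parameter so the check is testable.
    public static bool CanReset(DateTime? lastPasswordSet, DateTime utcNow)
    {
        if (!lastPasswordSet.HasValue) return true; // no recorded password change
        TimeSpan elapsed = utcNow - ToUtc(lastPasswordSet.Value);
        // A timestamp in the future means clock skew or a local/UTC mix-up: deny.
        if (elapsed < TimeSpan.Zero) return false;
        return elapsed > Cooldown;
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        DateTime now = new DateTime(2012, 5, 11, 15, 0, 0, DateTimeKind.Utc);
        DateTime twoMinAgoUtc = now.AddMinutes(-2);
        DateTime tenMinAgoUnspecified =
            DateTime.SpecifyKind(now.AddMinutes(-10), DateTimeKind.Unspecified);
        DateTime tenMinAgoLocal = now.AddMinutes(-10).ToLocalTime();
        DateTime fiveHoursAhead = now.AddHours(5);

        Console.WriteLine("2 min ago (Utc):          " + CanReset(twoMinAgoUtc, now));
        Console.WriteLine("10 min ago (Unspecified): " + CanReset(tenMinAgoUnspecified, now));
        Console.WriteLine("10 min ago (Local):       " + CanReset(tenMinAgoLocal, now));
        Console.WriteLine("5 h in the future:        " + CanReset(fiveHoursAhead, now));
        Console.WriteLine("never set (null):         " + CanReset(null, now));
    }
}
```

With the `UserPrincipal` from the question, the call would be `ResetThrottle.CanReset(user.LastPasswordSet, DateTime.UtcNow)`.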