Retrieving User Account Expiration from ActiveDirectory

前端 未结 1 958
名媛妹妹
名媛妹妹 2021-01-05 08:47

I\'m trying to retrieve the expiration date from accounts.

I\'ve tried

DirectoryEntry user = new DirectoryEntry(iMem);

var AccountExpiration = DateT         


        
1条回答
  •  臣服心动
    2021-01-05 09:33

    You can use the System.DirectoryServices.AccountManagement namespace to accomplish this task. Once you get a UserPrincipal from a PrincipalContext, you can inspect the UserPrincipal.AccountExpirationDate property.

    PrincipalContext context = new PrincipalContext(ContextType.Domain);
    
    UserPrincipal p = UserPrincipal.FindByIdentity(context, "Domain\\User Name");
    
    if (p.AccountExpirationDate.HasValue)
    {
        DateTime expiration = p.AccountExpirationDate.Value.ToLocalTime();
    }
    

    If you do want to use DirectoryEntry, do this:

    //assume 'user' is DirectoryEntry representing user to check
    DateTime expires = DateTime.FromFileTime(GetInt64(user, "accountExpires"));
    
    private Int64 GetInt64(DirectoryEntry entry, string attr)
    {
        //we will use the marshaling behavior of the searcher
        DirectorySearcher ds = new DirectorySearcher(
        entry,
        String.Format("({0}=*)", attr),
        new string[] { attr },
        SearchScope.Base
        );
    
        SearchResult sr = ds.FindOne();
    
        if (sr != null)
        {
            if (sr.Properties.Contains(attr))
            {
                return (Int64)sr.Properties[attr][0];
            }
        }
    
        return -1;
    }
    

    Another way of parsing the accountExpires value is using reflection:

    private static long ConvertLargeIntegerToLong(object largeInteger)
    {
        Type type = largeInteger.GetType();
    
        int highPart = (int)type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
        int lowPart = (int)type.InvokeMember("LowPart", BindingFlags.GetProperty | BindingFlags.Public, null, largeInteger, null);
    
        return (long)highPart <<32 | (uint)lowPart;
    }
    
    object accountExpires = DirectoryEntryHelper.GetAdObjectProperty(directoryEntry, "accountExpires");
    var asLong = ConvertLargeIntegerToLong(accountExpires);
    
    if (asLong == long.MaxValue || asLong <= 0 || DateTime.MaxValue.ToFileTime() <= asLong)
    {
        return DateTime.MaxValue;
    }
    else
    {
        return DateTime.FromFileTimeUtc(asLong);
    }
    

    0 讨论(0)
提交回复
热议问题