Active Directory user password expiration date .NET/OU Group Policy


Question

I have searched the site for information and found this: ASP.NET C# Active Directory - See how long before a user's password expires (http://stackoverflow.com/questions/1362977/asp-net-c-active-directory-see-how-long-before-a-users-password-expires)

which explains how to get the value of when the password expires as per Domain Policy.

My question is this: what if the user has an OU Group Policy that has a different MaxPasswordAge value, overriding the one specified in Domain Group Policy? How to programmatically get the OU's Group Policy Object?

Edit: To make this question a little bit more clear, I am adding this edit. What I am after is being able to tell when the user's password expires. As far as I understand, that date value can be governed either by the domain's local policy or by group object policy. I have a Linq2DirectoryService Provider that translates Linq to LDAP queries. So an LDAP query to get the date expiration value would be optimal for this subject. If your answer includes what object wrappers supported by .NET are included in this equation, it would be a dead-on answer!

Recommended answer

Let me start with http://support.microsoft.com/kb/323750 which contains Visual Basic and VBScript examples and http://www.anitkb.com/2010/03/how-to-implement-active-directory.html which outlines how the maxPwdAge OU setting impacts computers, not users. It also has a comment pointing to AloInfo.exe (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en) as a tool from MS that can be used to get password ages.

Here is an example:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;

namespace LDAP
{
    class Program
    {
        static void Main(string[] args)
        {
            string domainAndUsername = string.Empty;
            string domain = string.Empty;
            string userName = string.Empty;
            string passWord = string.Empty;
            AuthenticationTypes at = AuthenticationTypes.Anonymous;
            StringBuilder sb = new StringBuilder();

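            domain = @"LDAP://w.x.y.z";
            // The comma inside the CN is escaped for LDAP as "\,"; in a
            // regular (non-verbatim) C# string that backslash is written "\\".
            domainAndUsername = @"LDAP://w.x.y.z/cn=Lawrence E."+
                        " Smithmier\\, Jr.,cn=Users,dc=corp,"+
                        "dc=productiveedge,dc=com";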
            userName = "Administrator";
            passWord = "xxxpasswordxxx";
            at = AuthenticationTypes.Secure;

            DirectoryEntry entry = new DirectoryEntry(
                        domain, userName, passWord, at);

            DirectorySearcher mySearcher = new DirectorySearcher(entry);

            SearchResultCollection results;
            string filter = "maxPwdAge=*";
            mySearcher.Filter = filter;

            results = mySearcher.FindAll();
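            long maxDays = 0;
            if(results.Count>=1)
            {
                // maxPwdAge is stored as a negative interval in 100 ns ticks;
                // 864000000000 ticks are one day, so dividing by the negative
                // constant gives a positive number of days.
                Int64 maxPwdAge=(Int64)results[0].Properties["maxPwdAge"][0];
                maxDays = maxPwdAge/-864000000000;
            }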

            DirectoryEntry entryUser = new DirectoryEntry(
                        domainAndUsername, userName, passWord, at);
            mySearcher = new DirectorySearcher(entryUser);

            results = mySearcher.FindAll();
            long daysLeft=0;
            if (results.Count >= 1)
            {
                // pwdLastSet is a FILETIME value (100 ns ticks since 1601-01-01 UTC).
                var lastChanged = results[0].Properties["pwdLastSet"][0];
                daysLeft = maxDays - DateTime.Today.Subtract(
                        DateTime.FromFileTime((long)lastChanged)).Days;
            }
            Console.WriteLine(
                        String.Format("You must change your password within"+
                                      " {0} days"
                                     , daysLeft));
            Console.ReadLine();
        }
    }
}
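
The following is an added example, not part of the original answer. It computes the expiry time from the same two attributes the answer reads (maxPwdAge and pwdLastSet) and covers cases the day arithmetic above does not: a maxPwdAge that means "never expires", a pwdLastSet of 0 (must change at next logon), and the "password never expires" bit in userAccountControl. The class and method names are hypothetical and all sample values are constructed.

```csharp
using System;

static class PasswordExpiry
{
    // userAccountControl bit for "password never expires" (ADS_UF_DONT_EXPIRE_PASSWD).
    const int DontExpirePassword = 0x10000;

    // Returns the UTC expiry time, or null when the password does not expire.
    // pwdLastSet: FILETIME (100 ns ticks since 1601-01-01 UTC).
    // maxPwdAge:  negative interval in 100 ns ticks.
    public static DateTime? GetExpiryUtc(long pwdLastSet, long maxPwdAge,
                                         int userAccountControl)
    {
        if ((userAccountControl & DontExpirePassword) != 0)
            return null;                        // per-account override
        if (maxPwdAge == 0 || maxPwdAge == long.MinValue)
            return null;                        // policy: passwords never expire
        if (pwdLastSet == 0)
            return DateTime.MinValue;           // must change at next logon
        // .NET ticks and FILETIME units are both 100 ns, so the negated
        // interval can be added directly.
        return DateTime.FromFileTimeUtc(pwdLastSet).AddTicks(-maxPwdAge);
    }

    public static string Describe(DateTime? expiry, DateTime nowUtc)
    {
        if (expiry == null) return "never expires";
        if (expiry.Value <= nowUtc) return "expired, change required";
        int daysLeft = (int)(expiry.Value - nowUtc).TotalDays;
        return string.Format("expires {0:u} ({1} full days left)",
                             expiry.Value, daysLeft);
    }

    static void Main()
    {
        // Constructed sample values: 42-day policy, password set 2024-01-01.
        long maxPwdAge = -42L * TimeSpan.TicksPerDay;
        long lastSet = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc)
                           .ToFileTimeUtc();
        DateTime now = new DateTime(2024, 2, 1, 0, 0, 0, DateTimeKind.Utc);

        Console.WriteLine(Describe(GetExpiryUtc(lastSet, maxPwdAge, 0x200), now));
        Console.WriteLine(Describe(GetExpiryUtc(lastSet, maxPwdAge, 0x10200), now));
        Console.WriteLine(Describe(GetExpiryUtc(0, maxPwdAge, 0x200), now));
        Console.WriteLine(Describe(GetExpiryUtc(lastSet, 0, 0x200), now));
    }
}
```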
