ASP.NET C#活动目录 - 看多久之前用户的密码过期 [英] ASP.NET C# Active Directory - See how long before a user's password expires
问题描述
我有一个有趣的问题,我写一个密码管理网页/服务,我想找到一种方法来确定当用户的密码即将过期,所以我可以手动重置他们的其他密码与它发出的电子邮件等。
I have an interesting problem, I am writing a password management webpage/service and I am trying to find a way to determine when a user's password is going to expire so I can manually reset their other passwords with it and send out an email, etc.
我遇到的问题是,通过我的用户尝试循环时,我得到了大部分他们没有一个pwdLastSet属性,所以我不能确定它什么时候到期。
The problem I'm having is that when trying to loop through my users I'm getting the bulk of them not having a pwdlastset attribute so I can't determine when it's going to expire.
所以我想我正在寻找一个好方法思路来检查当用户的口令将要使用的的pwdLastSet财产和计算时间搁置届满。
So I guess I am looking for ideas on a good way to check for when a user's password is going to expire aside from using the pwdlastset property and calculating the time left.
多谢你。
推荐答案
这还算是比较复杂一点比你想象的,在第一...
It's actually quite a bit more complicated than you might think at first...
- 在为了知道多长的密码可以是有效的,你需要阅读了域策略,并找出办法
然后:
- 如果用户有UF_DONT_EXPIRE_PASSWD标志在他的userAccountControl的设置了密码永不过期
- 如果在的pwdLastSet值(ADSLargeInteger或Int64值,这是相当棘手的在第一时间阅读)为0,用户将有下一次,他登录到更改密码
- 如果在的pwdLastSet值是-1,密码从未设置
- 只有在没有以上都是真实的,那么的pwdLastSet值包含在密码上一次的设置,你可以从域策略添加了MaxPasswordAge的日期,而这会给你日期用户的密码即将过期
唷!你是否认为这将是这个棘手? :-)
Phew! Did you think it would be this tricky? :-)
马克·
PS:如果你是认真的基于.NET的AD编程,你应该有这本书:
PS: If you're serious about .NET based AD programming, you ought to have this book:
这本书包含像确定用户的密码过期日期,确定用户帐户锁定状态,以及更多所有的好东西 - 强烈推荐!乔和瑞安做了出色的工作让所有这些信息一起,解释它,这样即使是普通人的程序员喜欢自己能理解它: - )
The book contains all the goodies like determining user's password expiration dates, determining user account lockout state and much much more - highly recommended! Joe and Ryan did an outstanding job getting all this information together and explaining it so that even an average Joe programmer like myself can understand it :-)
这篇关于ASP.NET C#活动目录 - 看多久之前用户的密码过期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!