Get AD user password expire date?

Trying to get the user password expire date from AD, but there is no such
field.
What I could get is the PasswordLastChanged property.

Is there anyway I could calculate the date or something?

Regards,
Bryan

re: Get AD user password expire date?

The pwdLastSet property is a large integer holding the number of 100ns
intervals since 1601 or something - also known as a FILETIME value.

The DateTime class has a "FromFileTime()" method that will convert that into
a date. Watch out for UTC / local time differences.

In order to see when the password will expire you also need to read the
default domain policy to find out how often a user must change a password.

If you use the WinNT ADSI provider instead of the LDAP ADSI provider you
could get the "PasswordExpirationDate" property which will calculate the
date for you (never tested this though)


Arild

"Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
news:O3c%23mH2IEHA.3308@tk2msftngp13.phx.gbl...[color=blue]
> Trying to get the user password expire date from AD, but there is no such
> field.
> What I could get is the PasswordLastChanged property.
>
> Is there anyway I could calculate the date or something?
>
> Regards,
> Bryan
>
>[/color]

re: Get AD user password expire date?

Btw... found this article which may help:


http://msdn.microsoft.com/library/de...ng09102002.asp


Arild

"Arild Bakken" <arildb_@hotmail.com> wrote in message
news:u7SOBq3IEHA.2764@TK2MSFTNGP10.phx.gbl...[color=blue]
> The pwdLastSet property is a large integer holding the number of 100ns
> intervals since 1601 or something - also known as a FILETIME value.
>
> The DateTime class has a "FromFileTime()" method that will convert that[/color]
into[color=blue]
> a date. Watch out for UTC / local time differences.
>
> In order to see when the password will expire you also need to read the
> default domain policy to find out how often a user must change a password.
>
> If you use the WinNT ADSI provider instead of the LDAP ADSI provider you
> could get the "PasswordExpirationDate" property which will calculate the
> date for you (never tested this though)
>
>
> Arild
>
> "Bryan Yeo" <bryanyeo@commerce.com.sg> wrote in message
> news:O3c%23mH2IEHA.3308@tk2msftngp13.phx.gbl...[color=green]
> > Trying to get the user password expire date from AD, but there is no[/color][/color]
such[color=blue][color=green]
> > field.
> > What I could get is the PasswordLastChanged property.
> >
> > Is there anyway I could calculate the date or something?
> >
> > Regards,
> > Bryan
> >
> >[/color]
>
>[/color]

re: Get AD user password expire date?

I have tried the microsoft and try to convert the codes to C#, this is
what I have:

IADsLargeInteger fds2 =
(IADsLargeInteger)searchentry2.Properties["maxPwdAge"].Value;
double ONE_HUNDRED_NANOSECOND = 10^-7; //.000000100;
int SECONDS_IN_DAY = 86400;
int fgd = (int)fds2.HighPart;
int fgd2 = (int)fds2.LowPart;
double dblMaxPwdNano = Math.Abs((int)fds2.HighPart * 2^32 +
(int)fds2.LowPart);
double dblMaxPwdSecs = (int)dblMaxPwdNano * .000000100;
double dblMaxPwdDays = (int)dblMaxPwdSecs / SECONDS_IN_DAY;

But there is something either wrong with the code or with the
calculation, I got a zero.
And which policy does the maxpwdage taken from? local security policy,
domain security policy or domain controller policy?

Regards
Bryan



*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

re: Get AD user password expire date?

Try this for domain policy enforced pwd. aging.

public static void Main() {
long maxAge;
// Get maxPwdAge from domain
using(DirectoryEntry domain = new
DirectoryEntry("LDAP://domain/DC=xxxx,DC=xxxx,DC=xxx", "xxx\\administrator",
"ppppp"))
{
LargeInteger liMaxAge =domain.Properties["MaxPwdAge"].Value as
LargeInteger;
maxAge = (((long)(liMaxAge.HighPart) << 32) + (long) liMaxAge.LowPart);
// SHOULD be a negative value !!!
}
// Get pwdlast set for user (here administrator)
DirectoryEntry user = new
DirectoryEntry("LDAP://domain/CN=administrator,cn=users,DC=celeb,DC=w2kdom,DC=co m",
"xxx\\administrator", "xxxxx");
LargeInteger li = user.Properties["pwdLastSet"].Value as LargeInteger;
long expDate = (((long)(li.HighPart) << 32) + (long) li.LowPart) - maxAge;
// !!! maxAge is negative number!!!
LiToDate(expDate);
}
}
static void LiToDate(long date)
{
Console.WriteLine(date);
string dt = DateTime.FromFileTime(date).ToString(); // To file time
Console.WriteLine("DATE = {0:D}" ,dt); // show pwd expiry date
}
....

Willy.

"Bryan Yeo" <bryanybh@yahoo.com> wrote in message
news:%23fc3P6eJEHA.3848@TK2MSFTNGP09.phx.gbl...[color=blue]
>I have tried the microsoft and try to convert the codes to C#, this is
> what I have:
>
> IADsLargeInteger fds2 =
> (IADsLargeInteger)searchentry2.Properties["maxPwdAge"].Value;
> double ONE_HUNDRED_NANOSECOND = 10^-7; //.000000100;
> int SECONDS_IN_DAY = 86400;
> int fgd = (int)fds2.HighPart;
> int fgd2 = (int)fds2.LowPart;
> double dblMaxPwdNano = Math.Abs((int)fds2.HighPart * 2^32 +
> (int)fds2.LowPart);
> double dblMaxPwdSecs = (int)dblMaxPwdNano * .000000100;
> double dblMaxPwdDays = (int)dblMaxPwdSecs / SECONDS_IN_DAY;
>
> But there is something either wrong with the code or with the
> calculation, I got a zero.
> And which policy does the maxpwdage taken from? local security policy,
> domain security policy or domain controller policy?
>
> Regards
> Bryan
>
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it![/color]

re: Get AD user password expire date?

Thanks for the code, it's a great help.
Trying to figure out for days already.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!