Get AD user password expire date?

The pwdLastSet property is a large integer holding the number of 100ns
intervals since 1601 or something - also known as a FILETIME value.

The DateTime class has a "FromFileTime() " method that will convert that into
a date. Watch out for UTC / local time differences.

In order to see when the password will expire you also need to read the
default domain policy to find out how often a user must change a password.

If you use the WinNT ADSI provider instead of the LDAP ADSI provider you
could get the "PasswordExpira tionDate" property which will calculate the
date for you (never tested this though)
Arild

"Bryan Yeo" <br******@comme rce.com.sg> wrote in message
news:O3******** ********@tk2msf tngp13.phx.gbl. ..

Trying to get the user password expire date from AD, but there is no such
field.
What I could get is the PasswordLastCha nged property.

Is there anyway I could calculate the date or something?

Regards,
Bryan

Btw... found this article which may help:
http://msdn.microsoft.com/library/de...ng09102002.asp
Arild

"Arild Bakken" <ar*****@hotmai l.com> wrote in message
news:u7******** ******@TK2MSFTN GP10.phx.gbl...

The pwdLastSet property is a large integer holding the number of 100ns
intervals since 1601 or something - also known as a FILETIME value.

The DateTime class has a "FromFileTime() " method that will convert that into a date. Watch out for UTC / local time differences.

In order to see when the password will expire you also need to read the
default domain policy to find out how often a user must change a password.

If you use the WinNT ADSI provider instead of the LDAP ADSI provider you
could get the "PasswordExpira tionDate" property which will calculate the
date for you (never tested this though)
Arild

"Bryan Yeo" <br******@comme rce.com.sg> wrote in message
news:O3******** ********@tk2msf tngp13.phx.gbl. ..

Trying to get the user password expire date from AD, but there is no such field.
What I could get is the PasswordLastCha nged property.

Is there anyway I could calculate the date or something?

Regards,
Bryan

I have tried the microsoft and try to convert the codes to C#, this is
what I have:

IADsLargeIntege r fds2 =
(IADsLargeInteg er)searchentry2 .Properties["maxPwdAge"].Value;
double ONE_HUNDRED_NAN OSECOND = 10^-7; //.000000100;
int SECONDS_IN_DAY = 86400;
int fgd = (int)fds2.HighP art;
int fgd2 = (int)fds2.LowPa rt;
double dblMaxPwdNano = Math.Abs((int)f ds2.HighPart * 2^32 +
(int)fds2.LowPa rt);
double dblMaxPwdSecs = (int)dblMaxPwdN ano * .000000100;
double dblMaxPwdDays = (int)dblMaxPwdS ecs / SECONDS_IN_DAY;

But there is something either wrong with the code or with the
calculation, I got a zero.
And which policy does the maxpwdage taken from? local security policy,
domain security policy or domain controller policy?

Regards
Bryan

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Try this for domain policy enforced pwd. aging.

public static void Main() {
long maxAge;
// Get maxPwdAge from domain
using(Directory Entry domain = new
DirectoryEntry( "LDAP://domain/DC=xxxx,DC=xxxx ,DC=xxx", "xxx\\administr ator",
"ppppp"))
{
LargeInteger liMaxAge =domain.Propert ies["MaxPwdAge"].Value as
LargeInteger;
maxAge = (((long)(liMaxA ge.HighPart) << 32) + (long) liMaxAge.LowPar t);
// SHOULD be a negative value !!!
}
// Get pwdlast set for user (here administrator)
DirectoryEntry user = new
DirectoryEntry( "LDAP://domain/CN=administrato r,cn=users,DC=c eleb,DC=w2kdom, DC=com",
"xxx\\administr ator", "xxxxx");
LargeInteger li = user.Properties["pwdLastSet "].Value as LargeInteger;
long expDate = (((long)(li.Hig hPart) << 32) + (long) li.LowPart) - maxAge;
// !!! maxAge is negative number!!!
LiToDate(expDat e);
}
}
static void LiToDate(long date)
{
Console.WriteLi ne(date);
string dt = DateTime.FromFi leTime(date).To String(); // To file time
Console.WriteLi ne("DATE = {0:D}" ,dt); // show pwd expiry date
}
....

Willy.

"Bryan Yeo" <br******@yahoo .com> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. ..

I have tried the microsoft and try to convert the codes to C#, this is
what I have:

IADsLargeIntege r fds2 =
(IADsLargeInteg er)searchentry2 .Properties["maxPwdAge"].Value;
double ONE_HUNDRED_NAN OSECOND = 10^-7; //.000000100;
int SECONDS_IN_DAY = 86400;
int fgd = (int)fds2.HighP art;
int fgd2 = (int)fds2.LowPa rt;
double dblMaxPwdNano = Math.Abs((int)f ds2.HighPart * 2^32 +
(int)fds2.LowPa rt);
double dblMaxPwdSecs = (int)dblMaxPwdN ano * .000000100;
double dblMaxPwdDays = (int)dblMaxPwdS ecs / SECONDS_IN_DAY;

But there is something either wrong with the code or with the
calculation, I got a zero.
And which policy does the maxpwdage taken from? local security policy,
domain security policy or domain controller policy?

Regards
Bryan

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Thanks for the code, it's a great help.
Trying to figure out for days already.

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!