3

I want to make a few simple reports from Active Directory. Following discussions etc., I found that if I use .NET Framework 3.5 and up, it is appropriate to use PrincipalContext. I would like to understand the principles and what I can do with this new feature (unlike DirectoryEntry).

Code skeleton

using System;
using System.DirectoryServices.AccountManagement;

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
    "YOURDOMAIN", "OU=SomeOU,DC=YourCompany,DC=com");

// define a "query-by-example" principal - here, we search for a UserPrincipal
// whose account will expire in 3 days or less
UserPrincipal userTemplate = new UserPrincipal(ctx);
userTemplate.AdvancedSearchFilter.AccountExpirationDate(DateTime.Today.AddDays(3), MatchType.LessThanOrEquals);

// instantiate searcher
PrincipalSearcher searcher = new PrincipalSearcher(userTemplate);

// enumerate matching users
foreach (Principal foundPrincipal in searcher.FindAll())
{
    UserPrincipal foundUser = (foundPrincipal as UserPrincipal);

    if (foundUser != null)
    {
        // do something with users found - e.g. send e-mail
    }
}

Is it possible in the code above to add these properties for logging in to LDAP?

  • which LDAP version is used (2 or 3)
  • how to set the port on which LDAP is running
  • how to work if I need an SSL connection? (different port, there must be special requirements)

Furthermore, can I express these conditions with AdvancedSearchFilter?
(I found only AccountExpirationDate and AccountLockoutDate)

  • user's password will expire in the near future
  • user's password has expired
  • check if the user's password can expire
  • user's account expires (account, not password)
  • expired user's account (account, not password)
  • user account not expired
Terry Gardner
czWolfHunter
  • If you haven't already - absolutely read the MSDN article [Managing Directory Security Principals in the .NET Framework 3.5](http://msdn.microsoft.com/en-us/magazine/cc135979.aspx) which shows nicely how to make the best use of the new features in `System.DirectoryServices.AccountManagement` (and which answers a lot of your questions, I believe) – marc_s Jan 18 '13 at 21:56
  • Hello, thanks for the link to the article. I read it and tried the test code with AD, but unfortunately I'm still in almost the same situation. E.g. when I lock a user account, the state of the "IsAccountLockedOut" property is always False; if I set the account expiration date, the AccountLockoutTime property is never set, etc. In addition, many other properties are not available on the user at all in the UserPrincipal class. I probably do not understand the philosophy of why to use PrincipalContext instead of DirectoryEntry. – czWolfHunter Jan 25 '13 at 19:29
  • I'm sorry, my mistake. The error will be between the chair and the keyboard, I really did not understand the principle. Once I have a result, I will send the correct answer. – czWolfHunter Jan 25 '13 at 20:44

1 Answer

0

Sorry for the late reply. I found the solution in these two links, which describe all the information. It only needs to be combined with the code above.

retrieve the value of "Minimum Password Length" in domain password policy

House of Derek - Password expiration email utility

czWolfHunter
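
An added example, not part of the original question or answer: one way to combine the query-by-example skeleton with the domain's maximum password age and report each enabled user's password state over LDAPS. The server name, DNs and the names `PasswordExpiryReport`, `Classify` and `ReadMaxPasswordAge` are placeholders chosen here, and it assumes only the domain-wide password policy applies (no fine-grained password policies).

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class PasswordExpiryReport
{
    // Placeholders (assumptions): replace with your own DC, domain DN and OU.
    const string Server = "dc01.example.com:636";              // 636 = LDAP over SSL
    const string DomainDn = "DC=example,DC=com";
    const string Container = "OU=SomeOU," + DomainDn;

    // Pure helper: password state under the domain-wide maximum password age.
    static string Classify(DateTime? lastSetUtc, bool neverExpires, TimeSpan maxAge, DateTime nowUtc)
    {
        if (neverExpires || maxAge == TimeSpan.Zero) return "never expires";
        if (lastSetUtc == null) return "must change at next logon";   // pwdLastSet = 0
        DateTime expiry = lastSetUtc.Value + maxAge;
        if (expiry <= nowUtc) return "expired " + expiry.ToString("u");
        return (expiry <= nowUtc.AddDays(3) ? "expires soon " : "ok until ") + expiry.ToString("u");
    }

    // maxPwdAge lives on the domain object as a negative 100-ns interval;
    // 0 or long.MinValue means passwords never expire.
    static TimeSpan ReadMaxPasswordAge()
    {
        using (var root = new DirectoryEntry("LDAP://" + Server + "/" + DomainDn, null, null,
                   AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer))
        using (var ds = new DirectorySearcher(root, "(objectClass=*)",
                   new[] { "maxPwdAge" }, SearchScope.Base))
        {
            long raw = (long)ds.FindOne().Properties["maxPwdAge"][0];
            return raw == 0 || raw == long.MinValue ? TimeSpan.Zero : TimeSpan.FromTicks(-raw);
        }
    }
    static void Main()
    {
        TimeSpan maxAge = ReadMaxPasswordAge();
        using (var ctx = new PrincipalContext(ContextType.Domain, Server, Container,
                   ContextOptions.Negotiate | ContextOptions.SecureSocketLayer))
        using (var searcher = new PrincipalSearcher(new UserPrincipal(ctx) { Enabled = true }))
        {
            foreach (Principal p in searcher.FindAll())
            {
                var u = p as UserPrincipal; if (u == null) continue;
                Console.WriteLine(u.SamAccountName + "\t" +
                    Classify(u.LastPasswordSet, u.PasswordNeverExpires, maxAge, DateTime.UtcNow));
            }
        }
    }
}
```

The SSL option requires that the client trusts the domain controller's certificate and that the server name used matches it.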