ADLDS userclass ms-DS-UserAccountAutoLocked attribute not visible

Question

I've a local installation of an "Active directory lightweight directory service" on a WIN7 machine (which is domain joined).

Controlled by a Policy a user gets locked for about 15mins if there where 5 failed login attempts. With ADSI-Edit i can see that there is an attribute on the "UserClass" named "ms-DS-UserAccountAutoLocked" with an boolean value.

But if i want to read this attribute from this user (via a second admin(!) authenticated binding) it always returns null - like the property does not exist. If i iterate through all properties this property isnt also shown up. Only at the ADSI-Edit i can see the property and its value.

Have anyone an idea why i cannot read this property in my code? (C#)

I have tried:

var property = adentry.Properties["ms-DS-UserAccountAutoLocked"];

and also:

var property = adentry.InvokeGet("ms-DS-UserAccountAutoLocked");

Thanks

score 1 · Accepted Answer · edited May 23 '17 at 12:12

1

This property is an calculated one and must be refreshed before!

adentry.RefreshCache(new string[] { "ms-DS-UserAccountAutoLocked"});

Take a look at another thread of mine (same effect):

get-all-writeable-properties-of-an-adlds-class

edited May 23 '17 at 12:12

Community

1
1

answered Nov 12 '14 at 16:02

Cadburry

1,844
10
21

ADLDS userclass ms-DS-UserAccountAutoLocked attribute not visible

1 Answers1