I have been looking for a way to determine if a directory user's account is disabled or not but using the PrincipalContext approach:

using (var validatePrincipalContext = GetPrincipalContext())
{          
    using (var retrievedUserPrincipal = UserPrincipal.FindByIdentity(validatePrincipalContext, directoryUserName))
    {
        if (retrievedUserPrincipal == null)
        {
             LogMessage(String.Format("User {0} failed to verify on {1}.", directoryUserName, domainNameV), Severity.Error);

             throw new PlatformException(ErrorCode.DomainCredentialsFailed, new Dictionary<string, string>
             {
                {"ADUserName", directoryUserName},
                {"DirectoryIdentifier", domainNameV}
             });
        }

        // Actual validation
        if (validatePrincipalContext.ValidateCredentials(directoryUserName, directoryUserPassword))
        {
            LogMessage(String.Format("User {0} verified successfully on {1}.", directoryUserName, domainNameV), Severity.Info);

            return retrievedUserPrincipal.UserPrincipalName;
        }

        LogMessage(String.Format("User {0} failed to verify on {1}.", directoryUserName, domainNameV), Severity.Info);

        return String.Empty;
    }
}

I have searched here and seen some people using the second approach with directories: the DirectoryEntry and DirectorySearcher approach (How to determine if user account is enabled or disabled). I cannot use that as I have done everything with the PrincipalContext.

DoomerDGR8

1 Answer

You have multiple properties and methods on the UserPrincipal that you can check:

  • Enabled : whether or not the user's account is enabled
  • IsAccountLockedOut() : Returns a Boolean value that specifies whether the account is currently locked out.

Check out the official MSDN documentation on UserPrincipal for more details.

marc_s
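An added example, not part of the original question or answer: one way to classify the account state with the `UserPrincipal` members named in the answer before calling `ValidateCredentials`. The `AccountState` enum and `AccountStateChecker` class are hypothetical names, and the `AccountExpirationDate` check goes one step beyond the two members the answer lists.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical names for this example; not from the question or the answer.
public enum AccountState { NotFound, Disabled, LockedOut, Expired, Active }

public static class AccountStateChecker
{
    // Classify the account from the UserPrincipal properties named in the answer.
    public static AccountState GetState(PrincipalContext context, string userName)
    {
        using (var user = UserPrincipal.FindByIdentity(context, userName))
        {
            if (user == null)
                return AccountState.NotFound;

            // Enabled is a nullable bool; treat "no value" as disabled (fail closed).
            if (user.Enabled != true)
                return AccountState.Disabled;

            if (user.IsAccountLockedOut())
                return AccountState.LockedOut;

            // AccountExpirationDate is null when the account never expires;
            // the AccountManagement API returns DateTime values in UTC.
            DateTime? expires = user.AccountExpirationDate;
            if (expires.HasValue && expires.Value <= DateTime.UtcNow)
                return AccountState.Expired;

            return AccountState.Active;
        }
    }

    // Only attempt the credential check when the account is usable,
    // and hand the reason back to the caller otherwise.
    public static bool TryValidate(PrincipalContext context, string userName,
                                   string password, out AccountState state)
    {
        state = GetState(context, userName);
        return state == AccountState.Active
            && context.ValidateCredentials(userName, password);
    }
}
```

Record the returned `AccountState` in the server-side log and keep the message shown to the person logging in generic, so the login form does not reveal which accounts exist or are disabled.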