0

I want to expire users' passwords on an individual basis in Microsoft Active directory at different times.

I understand that each user within AD does not have it's own password expry time. Instead there is a Maximum Password Age associated with the domain, and a LastPasswordSet date associated with the user.

I intend to set the LastPasswordSet to simulate the behavior of each user having an individual max password age.

In order to do this, I need to know the Maximum Password Age associated with the domain. How to I determine this programmatically from .NET?

Edit: I see that LastPasswordSet is readonly, so my approach may have no merit.

Ben Aston
  • 53,718
  • 65
  • 205
  • 331
  • http://en.csharp-online.net/User_Management_with_Active_Directory%E2%80%94How_Password_Modification_Dates_Are_Stored may be of use – Ben Aston May 25 '10 at 13:12

1 Answers1

2

If you use ADSI it's the property maxPwdAge. Here's an article that includes a sample of getting this out:

http://msdn.microsoft.com/en-us/library/ms974598.aspx

Hans Olsson
  • 54,199
  • 15
  • 94
  • 116