5

I needed to set the accountExpires property in the AD DirectoryEntry couldn't find a simple answer. Found some information;

http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal.aspx

http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/182bfb6a-8b23-4c96-9379-101a4d91241a

http://www.rlmueller.net/AccountExpires.htm

Saw some articles re ADS****.dll but didn't think I needed to use this method

        Dim valueToSet As Date = Now.AddDays(10)
        Dim ADSPath As String = "LDAP://cn=..."
        Dim de As DirectoryEntry = New DirectoryEntry(ADSPath)
        Dim d As TimeSpan = valueToSet.ToUniversalTime - Date.Parse("01/01/1601")
        Dim ValueToSetAsString As String = d.Ticks.ToString
        ' it appears that the ticks value is too large for the value of the directory entry
        ' converting to a string (18 chars or so) works!
        de.Properties("accountexpires").Value = ValueToSetAsString

Thanks to Brian it looks like the large amount of code wrote above can be simplified;

        de.Properties("accountexpires").Value = valueToSet.ToFileTime.ToString

A function to return the AccountExpires and other largeInteger issues in VB.NET

        Function ConvertADValueToDateTime(ByVal li As Object) As DateTime
        ' http://bytes.com/topic/visual-basic-net/answers/512901-lastlogontimestamp

        Try
            Dim lngHigh = li.HighPart
            Dim lngLow = li.LowPart
            Dim lastLogon = (lngHigh * 2 ^ 32) - lngLow
            Dim returnDateTime As DateTime = DateTime.FromFileTime(lastLogon)
            Return returnDateTime
        Catch ex As Exception
            Return Nothing
        End Try

    End Function

Example use :

            Dim d As DateTime = ConvertADValueToDateTime(de.Properties("accountexpires").value)               
            If d = "01/01/1601" Then
                ' no expiry date
                Return Nothing
            Else
                Return d
            End If

An alternative method

Convert LDAP AccountExpires to DateTime in C#

Community
  • 1
  • 1
Nick Giles
  • 562
  • 1
  • 6
  • 15

2 Answers2

4

Something like this will set your account to expire in 30 days:

Dim de As New DirectoryEntry("LDAP://cn=foo,cn=users,dc=contoso,dc=com")

de.Properties["accountExpires"].Value = DateTime.UtcNow.AddDays(30).ToFileTime()
de.CommitChanges()
Brian Desmond
  • 4,473
  • 1
  • 13
  • 11
  • Didn't know that you could set the lockout in the future. – Nick Giles Oct 07 '11 at 18:23
  • You can't - I plugged in the wrong attribute for some reason. Fixed. – Brian Desmond Oct 09 '11 at 20:29
  • You may want to use .Today instead of .UtcNow so the expire time will be at 00:00 hours. – WhoIsRich Dec 07 '11 at 12:06
  • 1
    @NickGiles I can't get this to work (ComExpection: Unspecified error), but the answer from Chris that insists on using a string value works. – Oskar Berggren Oct 15 '14 at 16:45
  • The value must be string, not long. Try this: `DateTime.UtcNow.AddDays(30).ToFileTime().ToString()` (taken from the answer of Chris) – SergeyT Jan 30 '18 at 13:57
  • For future readers, it doesn't matter if you use `DateTime.UtcNow` or `DateTime.Now` because [`ToFileTime()` calls `ToUniversalTime()` before converting](https://referencesource.microsoft.com/#mscorlib/system/datetime.cs,1140) – Gabriel Luci Feb 07 '19 at 00:25
3

This uses a DateTimePicker on a form but it should be trivial to use any other date format.. 

Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory
Imports System.IO

'Get the user
Dim EntryString As String
EntryString = "LDAP://...."
Dim dirEntry As DirectoryEntry
dirEntry = New DirectoryEntry(EntryString)
Dim dirSearcher As New DirectorySearcher(dirEntry)
dirSearcher.Filter = "(&(objectCategory=Person)(objectClass=user)(SAMAccountName=" & Trim(Form1.AccountNameTB.Text) & "))"
dirSearcher.SearchScope = SearchScope.Subtree
Dim searchResults As SearchResult = dirSearcher.FindOne()

'Set the date
Dim d1 As Date = Form1.AccountExpiresDTP.Value
Dim d2 As New DateTime(d1.Year, d1.Month, d1.Day)
d2 = d2.AddDays(1) 'Add one day so that it matches what is in AD
Dim ft As Long = d2.ToFileTime()
dirEntryResults.Properties("accountExpires").Value = ft.ToString 'You do need to turn it into a string
dirEntryResults.CommitChanges()
dirEntryResults.Close()
Chris
  • 31
  • 1