Member Avatar for sanch01r

Hey guys,
I am needing to find out the expiration date of a users password using the LDAP attribute "pwdlastset", I am able to retrieve the date of the last password reset. The password expiration date should be exactly 90 days from the "pwdlastset" value. For some reason I am receiving a password expiration date of: 3/30/1601 4:00:00 PM. Also, I have indicated the area where I am having trouble in bold, Thanks again.

Here is the method that I created, Any assistance would be greatly appreciated!

private void pwdAge()

        {
            DirectoryEntry root = new DirectoryEntry(LDAP_DOMAIN, LDAP_UID, LDAP_PWD, AuthenticationTypes.Secure);;
													 
            DirectorySearcher searcher = new DirectorySearcher(root);

        
	        searcher.Filter = "(&(objectClass=person)(" + SearchType + "=" + Search + "))";
            
            searcher.PropertiesToLoad.Add("PwdLastSet");
         
            SearchResultCollection results = searcher.FindAll();
			
            foreach (SearchResult result in results)
            {
                ResultPropertyCollection rpc = result.Properties;
	    
	            Int64 pwdLastSet = (Int64)result.Properties["PwdLastSet"][0];

				
                int pwdAge = pwdLastSet == 0 ? 0 : (new TimeSpan(DateTime.Now.Ticks - DateTime.FromFileTime(pwdLastSet).Ticks)).Days;
                txtPasswordLastSet.Text = GetRSDateTime("PwdLastSet", rpc);
[B]                txtPasswordExpiresOn.Text = DateTime.FromFileTime((Int64)result.Properties["PwdLastSet"][0]).AddDays(90).ToString();[/B]

         
  
	       if (pwdAge > 89)
                {
                    txtPasswordAge.ForeColor = Color.Red;
                    txtPasswordAge.Text = pwdAge.ToString() + " Days(s) Old";
                    label22.ForeColor = Color.Red;
                    label25.ForeColor = Color.Red;
                    checkBox3.Checked = true;
                }
                else 
                {
                    txtPasswordAge.ForeColor = Color.Green;
                    txtPasswordAge.Text = pwdAge.ToString() + " Days(s) Old";
                    label25.ForeColor = Color.Green;                    
                    checkBox3.Checked = false;                  
                }


            }
            searcher.Dispose();
        }
            public string GetRSDateTime(string pn, ResultPropertyCollection rs)
            {
                if (rs.Contains(pn))
                {
                    Int64 ts = (Int64)rs[pn][0];
                    if (ts > DateTime.MaxValue.Ticks)
                        return "Invalid Date / Time";
                    else if (ts == 0)
                        return "Never";
                    else
                        return rs.Contains(pn) ? DateTime.FromFileTime(ts).ToString() : "";
                }
                return "";
            }
Edited by sanch01r because: n/a
  • 2 Contributors
  • 3 Replies
  • 1K Views
  • 22 Hours Discussion Span
  • Latest Post Latest Post by DdoubleD

Recommended Answers

All 3 Replies

Member Avatar for DdoubleD

I don't have a LDAP server to play around with the code, but that date looks suspiciously like a minimum system date (1/1/1601) with 90 days added to it. Is it possible the user has never logged in and the PwdLastSet is therefore set to zero?

Member Avatar for sanch01r

Yes - that is what has happened. I am running VM Ware with Server 2008 and I reset the users password, so it was 0 days old. I am just not sure how to retrieve the password expiration date 90 days from the "pwdlastset" attribute. Perhaps a new Timespan?...

Member Avatar for DdoubleD

Assuming that the "pwdlastset" value will always be zero until the user logs in to reset their password, you won't know the expiration date to be calculated with the 90 day "maxpasswordage" property until they login I believe.

If user is already being forced to change password, then you really can't send them a message unless they are logged in, in which case you could just inform them of the expire and 90 day limit...

If this is for reporting or maintenance purposes, then you know from the
lastlogin property when the last time they logged in was; and from the pwdlastset property that as of current they have not logged in to reset...

Not sure what you are looking for...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.