Hey guys,
I need to find out the expiration date of a user's password using the LDAP attribute "pwdlastset". I am able to retrieve the date of the last password reset. The password expiration date should be exactly 90 days from the "pwdlastset" value. For some reason I am receiving a password expiration date of: 3/30/1601 4:00:00 PM. Also, I have indicated the area where I am having trouble in bold. Thanks again.

Here is the method that I created. Any assistance would be greatly appreciated!

// Requires: using System; using System.DirectoryServices; using System.Drawing;
private void pwdAge()
{
    DirectoryEntry root = new DirectoryEntry(LDAP_DOMAIN, LDAP_UID, LDAP_PWD, AuthenticationTypes.Secure);
    DirectorySearcher searcher = new DirectorySearcher(root);

    // SearchType and Search are concatenated into the filter unescaped; if they come
    // from user input, the characters ( ) * \ and NUL must be escaped per RFC 4515.
    searcher.Filter = "(&(objectClass=person)(" + SearchType + "=" + Search + "))";
    SearchResultCollection results = searcher.FindAll();
    foreach (SearchResult result in results)
    {
        ResultPropertyCollection rpc = result.Properties;
        // pwdLastSet is a Windows FILETIME: 100 ns intervals since 1/1/1601 (UTC)
        Int64 pwdLastSet = (Int64)result.Properties["PwdLastSet"][0];

        // Age in whole days; a pwdLastSet of 0 is reported as 0 days old
        int pwdAge = pwdLastSet == 0 ? 0 : (new TimeSpan(DateTime.Now.Ticks - DateTime.FromFileTime(pwdLastSet).Ticks)).Days;
        txtPasswordLastSet.Text = GetRSDateTime("PwdLastSet", rpc);
[B]        txtPasswordExpiresOn.Text = DateTime.FromFileTime((Int64)result.Properties["PwdLastSet"][0]).AddDays(90).ToString();[/B]

        if (pwdAge > 89)
        {
            // Password is 90 or more days old: flag it in red
            txtPasswordAge.ForeColor = Color.Red;
            txtPasswordAge.Text = pwdAge.ToString() + " Days(s) Old";
            label22.ForeColor = Color.Red;
            label25.ForeColor = Color.Red;
            checkBox3.Checked = true;
        }
        else
        {
            txtPasswordAge.ForeColor = Color.Green;
            txtPasswordAge.Text = pwdAge.ToString() + " Days(s) Old";
            label25.ForeColor = Color.Green;
            checkBox3.Checked = false;
        }
    }
}

// Formats a FILETIME attribute from the search result as a local date/time string
public string GetRSDateTime(string pn, ResultPropertyCollection rs)
{
    if (rs.Contains(pn))
    {
        Int64 ts = (Int64)rs[pn][0];
        if (ts > DateTime.MaxValue.Ticks)
            return "Invalid Date / Time";
        else if (ts == 0)
            return "Never";
        else
            return rs.Contains(pn) ? DateTime.FromFileTime(ts).ToString() : "";
    }
    return "";
}

Edited by sanch01r: n/a

7 Years
Discussion Span
Last Post by DdoubleD

I don't have an LDAP server to play around with the code, but that date looks suspiciously like a minimum system date (1/1/1601) with 90 days added to it. Is it possible the user has never logged in and the PwdLastSet is therefore set to zero?


Yes - that is what has happened. I am running VMware with Server 2008 and I reset the user's password, so it was 0 days old. I am just not sure how to retrieve the password expiration date 90 days from the "pwdlastset" attribute. Perhaps a new TimeSpan?...


Assuming that the "pwdlastset" value will always be zero until the user logs in to reset their password, you won't know the expiration date to be calculated with the 90 day "maxpasswordage" property until they log in, I believe.

If user is already being forced to change password, then you really can't send them a message unless they are logged in, in which case you could just inform them of the expire and 90 day limit...

If this is for reporting or maintenance purposes, then you know from the lastlogin property when the last time they logged in was; and from the pwdlastset property that as of current they have not logged in to reset...

Not sure what you are looking for...
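An added example, not code from anyone in this thread: one way to compute the expiry while handling the zero case discussed above. It also goes beyond the thread by checking the account's "password never expires" flag and by taking the maximum age from the domain's maxPwdAge attribute instead of a hard-coded 90 days. The names PasswordExpiry, ExpiresOnUtc and Show are hypothetical, and the values in Main are constructed; in real use pwdLastSet and userAccountControl come from the user object and maxPwdAge from the domain object.

```csharp
using System;

static class PasswordExpiry
{
    const int DontExpirePasswd = 0x10000; // ADS_UF_DONT_EXPIRE_PASSWD bit of userAccountControl

    // pwdLastSet: FILETIME from the user object; 0 means "must change at next logon".
    // maxPwdAge:  negative 100 ns interval from the domain object; 0 or long.MinValue
    //             means the domain policy sets no maximum age.
    // Returns the UTC expiry time, or null with a reason when no date applies.
    public static DateTime? ExpiresOnUtc(long pwdLastSet, long maxPwdAge,
                                         int userAccountControl, out string reason)
    {
        reason = "";
        if ((userAccountControl & DontExpirePasswd) != 0)
            reason = "Never (account flag)";
        else if (maxPwdAge == 0 || maxPwdAge == long.MinValue)
            reason = "Never (domain policy)";
        else if (pwdLastSet == 0)
            reason = "Must change at next logon";
        if (reason != "") return null;

        // maxPwdAge is negative, so negate it to add the interval.
        return DateTime.FromFileTimeUtc(pwdLastSet).AddTicks(-maxPwdAge);
    }

    static string Show(long pwdLastSet, long maxPwdAge, int uac)
    {
        string reason;
        DateTime? when = ExpiresOnUtc(pwdLastSet, maxPwdAge, uac, out reason);
        return when.HasValue ? when.Value.ToString("u") : reason;
    }

    static void Main()
    {
        // Constructed sample values, not read from a real directory.
        long policy90 = -TimeSpan.FromDays(90).Ticks;
        long setOn = new DateTime(2010, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        const int NormalAccount = 0x200; // ADS_UF_NORMAL_ACCOUNT

        Console.WriteLine(Show(setOn, policy90, NormalAccount));
        Console.WriteLine(Show(0, policy90, NormalAccount));
        Console.WriteLine(Show(setOn, policy90, NormalAccount | DontExpirePasswd));
    }
}
```

The domain-level maxPwdAge does not reflect fine-grained password policies, so accounts covered by one need that policy's maximum age instead.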
