DirectoryEntry without using admin user: how to check if account's expired
- From: Big Charles <cherediatech@xxxxxxxxx>
- Date: Thu, 14 Aug 2008 12:01:47 -0700 (PDT)
Hello,
Programming in VS2003-ASP.NET 1.1, I have this problem: Using
DirectoryEntry and without any admin user, how can I check if a domain
account, that try to login, has expired?
Scenario: User load web application and login using account and
password of the Active Directory.
But user account of ActiveDirectory has expired (or password could be
expired). For security reason, we don't want to use any account with
admin privilegies for connecting through AD. So if user account "jdoe"
with password:"jdoe_password" try to login, how to determine if
account has expired.
Code:
Dim Domain As String = "DOMAINXXX"
Dim sUserName="jdoe": Dim sPassword="jdoe_password"
Dim myEntry As System.DirectoryServices.DirectoryEntry =
New System.DirectoryServices.DirectoryEntry("LDAP://"; & Domain,
sUserName, sPassword,
System.DirectoryServices.AuthenticationTypes.Secure)
myEntry.Username = sUserName
myEntry.Password = sPassword
Dim mySearcher As
System.DirectoryServices.DirectorySearcher = New
System.DirectoryServices.DirectorySearcher(myEntry)
Dim myResult As System.DirectoryServices.SearchResult
mySearcher.Filter = "(&(objectCategory=person)
(objectClass=user)(userPrincipalName=" & UserName & "*))"
Dim x as String = myResult.Properties("sAMAccountName")(0) ''<-- it
gets 'jdoe'
Dim y as String = myResult.Properties("userAccountControl")(0) ''<--
it gets Nothing
I don't think it's impossible, or that you have to use an admin user
to get that (if you have to use an admin user for connecting to AD,
what about security?)
Thanks
.
- Prev by Date: Re: Create link to a PDF onto a word document
- Next by Date: RE: Obtain CA Certificate?
- Previous by thread: Dns.GetHostEntry not working the same as Dns.Resolve or Dns.GetHos
- Next by thread: Could Money 2004 be installed into USB?
- Index(es):
Relevant Pages
|
