Re: Active Directory Expiration Notification
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 16 Aug 2006 18:21:45 +0100
Hi
check here:
http://support.microsoft.com/?kbid=135403
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"PaulB" <PaulB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C70A39FE-23F9-4F34-8594-32BA16526715@xxxxxxxxxxxxxxxx
Thanks Joe,
Chapter 10 was very informative but I already figured out know how to tell
if the password is expired. I already know how to tell how many days until
the password will expire. What I still do not know how to do is to get the
window of time that the security policy has set for displaying a warning
message to the user that their password is about to expire. I am pretty
sure
that it is somewhere in the AD database or in the registry because I can
set
that value in the security policy via the "Prompt user to change password
before expiration" policy attribute . What I don't know is how to fetch
that
value from AD so my application can display a warning message similar to
the
one windows displays at login time.
"Joe Kaplan (MVP - ADSI)" wrote:
We have a complete sample on doing password expiration notifications
against
AD in .NET in our book in ch. 10. You can download ch 10 for free from
the
website in the link below, as well as the code samples from the book.
The
book itself is not free, but it might help you out in general if you need
a
good reference on .NET directory services programming. The website also
has
a support forum.
Password expiration is determined by the domain password expiration
policy
and the pwdLastSet attribute on the user object. pwdLastSet contains an
8
byte "large" integer that stores a Windows FILETIME that specifies the
date
the password was last set, or the value 0 if the user must change
password
at next logon (or is not set at all if the user has never set a
password).
By comparing the current date and the domain password expiration policy
to
the user's pwdLastSet value, you can determine when the password will
expire. All the details are in the book.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"PaulB" <PaulB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:679994C8-AB8E-462F-866A-CBE1D9461D3B@xxxxxxxxxxxxxxxx
I am trying to retrieve the number of days before password expiration
that
a
user should be warned that their password will be expired. The property
is
set by setting the value for "Prompt user to change password before
expiration" in the security policy.
I am using C# and the directory services namespace to retrieve the AD
properties. For 2003 I found a property called ShadowWarning that
contains
this value. Two questions, first is this the proper AD property to
check
for
this value in 2003. Secondly, what property in 2000 server would I
check
to
retrieve this value??
.
- References:
- Re: Active Directory Expiration Notification
- From: Joe Kaplan \(MVP - ADSI\)
- Re: Active Directory Expiration Notification
- Prev by Date: Re: Question about security group
- Next by Date: DNS Question
- Previous by thread: Re: Active Directory Expiration Notification
- Next by thread: Re: Active Directory Expiration Notification
- Index(es):
Relevant Pages
|
