从 ActiveDirectory 检索用户帐户到期

时间:2022-11-27
本文介绍了从 ActiveDirectory 检索用户帐户到期的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我正在尝试从帐户中检索到期日期.

I'm trying to retrieve the expiration date from accounts.

我试过了

DirectoryEntry user = new DirectoryEntry(iMem);

var AccountExpiration = DateTime.FromFileTime((int)user.Properties["accountExpires"].Value);

它不起作用,只会给我错误指定的演员表无效".

it doesn't work, only gives me the error "Specified cast is not valid".

当我使用

var AccountExpiration = user.Properties["accountExpires"];

返回一个我无法读取的 com 对象.

returns a com object, which I'm unable to read.

使用 windows powershell,工作正常,我不明白为什么这行不通...

Using windows powershell, works fine, I don't get why this wont work...

这是我在powershell中使用的代码

this is the code I use in powershell

$Expires = [datetime]::FromFileTime($tmpUser.accountExpires)

推荐答案

您可以使用 System.DirectoryServices.AccountManagement 命名空间来完成此任务.从 PrincipalContext 获得 UserPrincipal 后,您可以检查 UserPrincipal.AccountExpirationDate 属性.

You can use the System.DirectoryServices.AccountManagement namespace to accomplish this task. Once you get a UserPrincipal from a PrincipalContext, you can inspect the UserPrincipal.AccountExpirationDate property.

PrincipalContext context = new PrincipalContext(ContextType.Domain);

UserPrincipal p = UserPrincipal.FindByIdentity(context, "Domain\User Name");

if (p.AccountExpirationDate.HasValue)
{
    DateTime expiration = p.AccountExpirationDate.Value.ToLocalTime();
}

如果您确实想要使用DirectoryEntry,请执行以下操作:

If you do want to use DirectoryEntry, do this:

//assume 'user' is DirectoryEntry representing user to check
DateTime expires = DateTime.FromFileTime(GetInt64(user, "accountExpires"));

private Int64 GetInt64(DirectoryEntry entry, string attr)
{
    //we will use the marshaling behavior of the searcher
    DirectorySearcher ds = new DirectorySearcher(
    entry,
    String.Format("({0}=*)", attr),
    new string[] { attr },
    SearchScope.Base
    );

    SearchResult sr = ds.FindOne();

    if (sr != null)
    {
        if (sr.Properties.Contains(attr))
        {
            return (Int64)sr.Properties[attr][0];
        }
    }

    return -1;
}

另一种解析 accountExpires 值的方法是使用反射:

Another way of parsing the accountExpires value is using reflection:

private static long ConvertLargeIntegerToLong(object largeInteger)
{
    Type type = largeInteger.GetType();

    int highPart = (int)type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
    int lowPart = (int)type.InvokeMember("LowPart", BindingFlags.GetProperty | BindingFlags.Public, null, largeInteger, null);

    return (long)highPart <<32 | (uint)lowPart;
}

object accountExpires = DirectoryEntryHelper.GetAdObjectProperty(directoryEntry, "accountExpires");
var asLong = ConvertLargeIntegerToLong(accountExpires);

if (asLong == long.MaxValue || asLong <= 0 || DateTime.MaxValue.ToFileTime() <= asLong)
{
    return DateTime.MaxValue;
}
else
{
    return DateTime.FromFileTimeUtc(asLong);
}

这篇关于从 ActiveDirectory 检索用户帐户到期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:如何从 ASP.NET Web 服务代码对 Active Directory 进行身份验证? 下一篇:Active Directory 用户组成员资格 GroupPrincipal

相关文章

最新文章