【问题标题】:C# ASP.NET Account Lockout, Disabled, Expired and Password ExpiredC# ASP.NET 帐户锁定、禁用、过期和密码过期
【发布时间】:2015-01-19 18:40:52
【问题描述】:

我知道这个问题已经被问过几次了,但我还是 C# 新手,不太清楚如何使用其他问题的答案。

我正在使用 .Net 4.5.1。

我有一个站点,您可以在其中输入域用户 ID 和域。我已经用 Classic ASP 和 VBScript 编写了该站点。然后它会显示帐户状态,即:显示名称、UPN、电子邮件地址、密码是否已过期(以及何时过期)、密码锁定状态、帐户是否已过期(从不过期、到期日期或已过期)以及帐户是否已禁用。我正在尝试将其转换为 ASP.NET 和 C#。

我有以下:

// Looks up one domain user (ID and domain both come from Session) and builds
// display strings describing the account's state. The listing is an excerpt:
// it stops at the "..." marker below, before the method is closed.
protected void Page_Load(object sender, EventArgs e)
{
    // Both values are taken from Session as-is. A missing key yields null,
    // which makes the ToUpper() call further down throw.
    string strUserToSearchFor = (string)(Session["txbUserID"]);
    string strUserDomain = (string)(Session["drpDomain"]);
    string strDomainFQDN = "";
    // Allow-list mapping the short domain name to its LDAP base DN.
    Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>();
    dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
    dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");

    // NOTE(review): when the domain is not in the map, strDomainFQDN stays ""
    // and the bind path below becomes just "LDAP://". Rejecting the request
    // here would keep the allow-list meaningful.
    if (dicDomainFQDN.ContainsKey(strUserDomain.ToUpper()))
    {
        strDomainFQDN = dicDomainFQDN[strUserDomain.ToUpper()];
    }

    dicDomainFQDN.Clear();

    // The Anonymous value is overwritten on the next line; Secure is what is used.
    AuthenticationTypes ADAT = AuthenticationTypes.Anonymous;
    ADAT = AuthenticationTypes.Secure;

    // NOTE(review): bind credentials written as literals in page code. A real
    // service account belongs in protected configuration, not in source.
    string strADSearchUsername = "username";
    string strADSearchPassword = "password";

    DirectoryEntry ADConn = ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, ADAT);

    // Re-pointing the locals at string.Empty does not erase the original
    // strings: .NET strings are immutable and stay in memory until collected.
    strADSearchUsername = string.Empty;
    strADSearchPassword = string.Empty;

    DirectorySearcher ADSearch = new DirectorySearcher(ADConn);

    // Matches every object under the bind root that carries maxPwdAge.
    // NOTE(review): no SearchScope is set before this FindAll(), so this is
    // presumably a whole-subtree search and the likely cause of the slowdown
    // mentioned in the question; a Base-scope read of the domain root would be
    // cheaper. TODO confirm.
    ADSearch.Filter = "maxPwdAge=*";

    SearchResultCollection ADMaxPwdAgeResult = ADSearch.FindAll();

    long intMaxPwdDays = 0;

    if (ADMaxPwdAgeResult.Count >= 1)
    {
        // maxPwdAge is read as an Int64 and divided by -864000000000, i.e. the
        // number of 100-nanosecond intervals in a day with the sign flipped, so
        // a negative interval becomes a positive day count.
        Int64 intMaxPwdAge = (Int64)ADMaxPwdAgeResult[0].Properties["maxPwdAge"][0];
        intMaxPwdDays = intMaxPwdAge / -864000000000;
    }

    ADMaxPwdAgeResult.Dispose();

    ADSearch.SearchScope = SearchScope.Subtree;
    ADSearch.PageSize = 1001;

    // NOTE(review): the user ID is concatenated into the LDAP filter without
    // escaping. Characters with filter meaning ( * ( ) \ and NUL ) should be
    // escaped as \2a \28 \29 \5c \00 (RFC 4515) before being placed here,
    // otherwise the caller controls the shape of the query.
    ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + strUserToSearchFor + "))";

    strUserToSearchFor = string.Empty;

    SearchResult ADResult = ADSearch.FindOne();

    if (ADResult != null)
    {
        string strName = "";
        string strMail = "";
        string strMobile = "";
        string strUPN = "";
        string strPwdLastSet = "";
        string strPwdLocked = "";
        string strAccountEpiryDate = "";
        string strAccountDisabled = "";

        // Each [0] throws when the attribute has no value on this account
        // (for example a user without a mobile number); only pwdLastSet below
        // is guarded by a Count check.
        strName = ADResult.Properties["displayName"][0].ToString();
        strMail = ADResult.Properties["mail"][0].ToString();
        strMobile = ADResult.Properties["mobile"][0].ToString();
        strUPN = ADResult.Properties["userPrincipalName"][0].ToString();

        // Password expiry = pwdLastSet (a file-time value) + the domain maximum
        // password age in days, compared with midnight today.
        // NOTE(review): a stored pwdLastSet of 0 still has Count > 0, so the
        // "Change at next logon" branch would not be reached for it - confirm
        // how the directory represents "must change".
        if (ADResult.Properties["pwdLastSet"].Count > 0)
        {
            DateTime dtmPwdLastSet = new DateTime();
            dtmPwdLastSet = DateTime.FromFileTime((Int64)(ADResult.Properties["pwdLastSet"][0]));
            dtmPwdLastSet = dtmPwdLastSet.AddDays(intMaxPwdDays);
            if (dtmPwdLastSet <= DateTime.Today)
            {
                strPwdLastSet = dtmPwdLastSet.ToString() + " (Expired)";
            }
            else
            {
                strPwdLastSet = dtmPwdLastSet.ToString();
            }
        }
        else
        {
            strPwdLastSet = "Change at next logon";
        }
        ...

但在那之后,我不确定如何获取密码锁定状态、帐户禁用状态和帐户到期日期(如果有)。

密码锁定我试过了:

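        // "IsAccountLocked" is an ADSI interface property, not an LDAP attribute,
        // so it never appears in SearchResult.Properties and the original test
        // could only ever produce "No". lockoutTime is the attribute the directory
        // stamps when an account is locked out; absent or 0 means not locked.
        // NOTE(review): a non-zero lockoutTime can outlive the lockout itself, so
        // compare it with the domain lockout duration if a stale "Yes" matters.
        strPwdLocked = "No";
        if (ADResult.Properties["lockoutTime"].Count > 0
            && (Int64)ADResult.Properties["lockoutTime"][0] != 0)
        {
            strPwdLocked = "Yes";
        }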

对于帐户到期,我尝试了与密码到期相同的方法,但它没有检测到到期日期。对于帐户禁用,我找到了一个(我猜)可以解决问题的函数,但我不知道如何从我的代码中调用它。

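/// <summary>
/// Reports whether a directory object is enabled, based on the ACCOUNTDISABLE
/// bit (0x0002) of its userAccountControl attribute.
/// </summary>
/// <param name="de">Directory entry to inspect.</param>
/// <returns>
/// true when the entry has a userAccountControl value and the disable bit is
/// clear; false when the bit is set, the entry is null or unbound, or the
/// attribute is missing (fail closed: an account whose state cannot be read is
/// not reported as active).
/// </returns>
private bool IsActive(DirectoryEntry de)
{
    if (de == null || de.NativeGuid == null)
    {
        return false;
    }

    // Value is null when the object carries no userAccountControl; unboxing
    // null straight to int would throw instead of answering the question.
    object rawFlags = de.Properties["userAccountControl"].Value;
    if (!(rawFlags is int))
    {
        return false;
    }

    const int AccountDisable = 0x0002;
    return ((int)rawFlags & AccountDisable) == 0;
}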

非常感谢任何帮助。

此外,自从我添加了获取密码最长使用期限(maxPwdAge)的代码后,页面加载时间变成了原来的 3 倍。有没有办法更快地获得域的密码最长使用期限?


好的,我想出了禁用的部分:

// Bind to the object behind the search hit and read its userAccountControl
// bit field. The cast assumes the attribute is present on the entry.
DirectoryEntry ADEntry = ADResult.GetDirectoryEntry();
int intUserDisabled = (int)ADEntry.Properties["userAccountControl"].Value;

// Bit value 2 is the ACCOUNTDISABLE flag.
bool bolAccountDisabled = (intUserDisabled & 2) != 0;
if (bolAccountDisabled)
{
    strAccountDisabled = "Yes";
}

这也有助于检查密码是否被锁定。

// Bit value 16 (0x10) is the LOCKOUT flag of userAccountControl.
// NOTE(review): Active Directory is generally reported not to maintain this bit
// in the stored attribute when read over LDAP, so it may read 0 for a locked
// account; lockoutTime or msDS-User-Account-Control-Computed is the usual
// source for lockout state. Confirm against a locked test account.
bool bolPasswordLocked = (intUserDisabled & 16) != 0;

在帐户到期日期方面仍需要帮助。

【问题讨论】:

    标签: c# asp.net


    【解决方案1】:

    好的,知道了。

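    /// <summary>
    /// Looks up one domain user (ID and domain are read from Session) and builds
    /// display strings for name, mail, mobile, UPN, password expiry, lockout,
    /// account expiry and disabled state.
    /// </summary>
    /// <remarks>
    /// Changes from the original listing: the user ID is escaped before it is
    /// placed in the LDAP filter; unknown domains and missing Session values
    /// stop the lookup instead of binding to an empty path; all attributes are
    /// read from the SearchResult (large-integer attributes arrive there as
    /// Int64, whereas a DirectoryEntry exposes them as an ADSI object that cannot
    /// be cast to Int64); the "never" sentinels of pwdLastSet, maxPwdAge and
    /// accountExpires are handled; directory objects are disposed.
    /// strADSearchUsername and strADSearchPassword are declared outside this
    /// method. NOTE(review): load them from protected configuration, not source.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        string strUserToSearchFor = Session["txbUserID"] as string;
        string strUserDomain = Session["drpDomain"] as string;

        // Nothing to look up without both inputs; avoids a NullReferenceException.
        if (string.IsNullOrWhiteSpace(strUserToSearchFor) || string.IsNullOrWhiteSpace(strUserDomain))
        {
            return;
        }

        // Allow-list of domains. The comparer makes the lookup case-insensitive
        // without a culture-sensitive ToUpper().
        Dictionary<string, string> dicDomainFQDN = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        dicDomainFQDN.Add("DOMAIN1", "DC=1,DC=domain,DC=com");
        dicDomainFQDN.Add("DOMAIN2", "DC=2,DC=domain,DC=com");
        dicDomainFQDN.Add("DOMAIN3", "DC=3,DC=domain,DC=com");

        string strDomainFQDN;
        if (!dicDomainFQDN.TryGetValue(strUserDomain, out strDomainFQDN))
        {
            // Unknown domain: do not fall through to a bind on a bare "LDAP://".
            return;
        }

        using (DirectoryEntry ADConn = new DirectoryEntry("LDAP://" + strDomainFQDN, strADSearchUsername, strADSearchPassword, AuthenticationTypes.Secure))
        {
            // Domain password policy: read maxPwdAge from the domain root only
            // (Base scope) instead of searching the whole tree for it.
            long intMaxPwdDays = 0;
            using (DirectorySearcher ADPolicySearch = new DirectorySearcher(ADConn, "(objectClass=*)", new string[] { "maxPwdAge" }, SearchScope.Base))
            {
                SearchResult ADPolicy = ADPolicySearch.FindOne();
                if (ADPolicy != null && ADPolicy.Properties["maxPwdAge"].Count > 0)
                {
                    // Stored as a negative count of 100-ns intervals; 0 or
                    // Int64.MinValue means passwords never expire.
                    long intMaxPwdAge = (long)ADPolicy.Properties["maxPwdAge"][0];
                    if (intMaxPwdAge != 0 && intMaxPwdAge != long.MinValue)
                    {
                        intMaxPwdDays = intMaxPwdAge / -864000000000;
                    }
                }
            }

            using (DirectorySearcher ADSearch = new DirectorySearcher(ADConn))
            {
                ADSearch.SearchScope = SearchScope.Subtree;
                ADSearch.PageSize = 1001;

                // Request only the attributes that are displayed.
                ADSearch.PropertiesToLoad.AddRange(new string[]
                {
                    "displayName", "mail", "mobile", "userPrincipalName",
                    "pwdLastSet", "accountExpires", "userAccountControl"
                });

                // The user ID is untrusted input: escape it so it can only ever be
                // a value inside the filter, never filter syntax.
                ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(strUserToSearchFor) + "))";

                SearchResult ADResult = ADSearch.FindOne();
                if (ADResult == null)
                {
                    return;
                }

                string strPwdLastSet = "";
                string strPwdLocked = "No";
                string strAccountEpiryDate = "";
                string strAccountDisabled = "No";

                // Optional attributes may be absent; an empty string replaces the
                // exception the unguarded [0] indexer would raise.
                string strName = FirstValueOrEmpty(ADResult, "displayName");
                string strMail = FirstValueOrEmpty(ADResult, "mail");
                string strMobile = FirstValueOrEmpty(ADResult, "mobile");
                string strUPN = FirstValueOrEmpty(ADResult, "userPrincipalName");

                int intFlags = 0;
                if (ADResult.Properties["userAccountControl"].Count > 0)
                {
                    intFlags = (int)ADResult.Properties["userAccountControl"][0];
                }

                // Password expiry. pwdLastSet == 0 means the user must change the
                // password at next logon; no policy age or the DONT_EXPIRE_PASSWORD
                // flag (0x10000) means the password does not expire.
                long lngPwdLastSet = 0;
                if (ADResult.Properties["pwdLastSet"].Count > 0)
                {
                    lngPwdLastSet = (long)ADResult.Properties["pwdLastSet"][0];
                }

                if (lngPwdLastSet == 0)
                {
                    strPwdLastSet = "Change at next logon";
                }
                else if (intMaxPwdDays <= 0 || (intFlags & 0x00010000) != 0)
                {
                    strPwdLastSet = "Never";
                }
                else
                {
                    DateTime dtmPwdExpires = DateTime.FromFileTime(lngPwdLastSet).AddDays(intMaxPwdDays);
                    strPwdLastSet = dtmPwdExpires <= DateTime.Today
                        ? dtmPwdExpires.ToString() + " (Expired)"
                        : dtmPwdExpires.ToString();
                }

                // Lockout flag (0x10).
                // NOTE(review): this bit is generally not maintained in the stored
                // userAccountControl; lockoutTime or
                // msDS-User-Account-Control-Computed is the usual source. Verify
                // against a locked test account before relying on it.
                if ((intFlags & 0x00000010) != 0)
                {
                    strPwdLocked = "Yes";
                }

                // Account expiry. 0 and Int64.MaxValue both mean "never";
                // passing Int64.MaxValue to DateTime.FromFileTime would throw.
                long lngAccountExpires = 0;
                if (ADResult.Properties["accountExpires"].Count > 0)
                {
                    lngAccountExpires = (long)ADResult.Properties["accountExpires"][0];
                }

                if (lngAccountExpires == 0 || lngAccountExpires == long.MaxValue)
                {
                    strAccountEpiryDate = "Never";
                }
                else
                {
                    DateTime dtmAccountExpires = DateTime.FromFileTime(lngAccountExpires);
                    strAccountEpiryDate = dtmAccountExpires <= DateTime.Today
                        ? dtmAccountExpires.ToString() + " (Expired)"
                        : dtmAccountExpires.ToString();
                }

                // ACCOUNTDISABLE flag (0x2).
                if ((intFlags & 0x00000002) != 0)
                {
                    strAccountDisabled = "Yes";
                }
            }
        }
    }

    // Returns the first value of an attribute from a search hit, or "" when the
    // attribute is not set on the object.
    private static string FirstValueOrEmpty(SearchResult result, string attribute)
    {
        ResultPropertyValueCollection values = result.Properties[attribute];
        return values.Count > 0 ? Convert.ToString(values[0]) : "";
    }

    // Escapes the characters that have meaning inside an LDAP search filter
    // (RFC 4515) so the input is treated purely as an attribute value.
    private static string EscapeLdapFilterValue(string value)
    {
        System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }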
    

    【讨论】:
