Skip to main content

System.DirectoryServices.AccountManagement

Ever since .NET 2.0 System.DirectoryServices.Protocols have been a part of the framework and in .NET 3.5 even more directory related classes were added, namely System.DirectoryServices.AccountManagement. That is exactly as it sounds a namespace containing methods for account management.

This fits perfectly for a little project I have chosen to call AD Cleanup Tool. This tool will go through all accounts in a domain to clean up certain account properties, such as naming, password policy etc.

Some older solutions does not work with todays versions of Active Directory, for instance if I want to set the property User must change password at next logon. This has earlier been done by setting the property userAccountControl with the flag ADS_UF_PASSWD_CANT_CHANGE. It is not possible to set that flag anymore, but S.DS.AM gives us an even easier solution:

using(PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.0.1", "DC=domain,DC=com", "domain\\user", "password"))
{
    using(UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, distinguishedName))
    {
        if(userPrincipal.UserCannotChangePassword)
        {
            userPrincipal.UserCannotChangePassword = false;
            userPrincipal.PasswordNeverExpires = false;
            userPrincipal.ExpirePasswordNow();
            userPrincipal.Save();
            return true;
        }
    }
}

S.DS.AM builds on S.DS.P, so the usage is similar to the usage of the Protocols classes. A PrincipalContext is created, in this case to the domain controller, and all actions I want to perform is made through this context. Since I only have the distinguishedName of the user above, I get a UserPrincipal using FindByIdentity().
Labels:

Comments

Post a Comment

Popular posts from this blog

Binding a HTML-formatted string to a WPF WebBrowser control

Sometimes there is a need to display a HTML formatted string in a WPF application. There are a couple of ways to do this, but the most stright forward is to use a WebBrowser control and the NavigateToString method. This approach has one big flaw, you cannot use binding to a string out of the box, but I found a great solution through Stack Overflow which adds a bindable property to the  WebBrowser  control using  NavigateToString . The following class is all that is needed to add that behavior. A new depencency property named Html is introduced to the  WebBrowser  and the proper change action is performed in the OnHtmlChanged method. public class BrowserBehavior { public static readonly DependencyProperty HtmlProperty = DependencyProperty.RegisterAttached( "Html", typeof(string), typeof(BrowserBehavior), new FrameworkPropertyMetadata(OnHtmlChanged)); [AttachedPropertyBrowsableForType(typeof(WebBrowser))] public static string GetHtml(WebBrowser bro
1 comment
Read more

Binding Enum with DescriptionAttribute in WPF

Binding an enumeration to a ComboBox can be done in several ways. In most cases you don't want to display the value itself, but a more user friendly description. One common approach is to use the DescriptionAttribute on the Enum values to supply a description for each value.  This is all possible in a very MVVM friendly way. First step is to add the  DescriptionAttribute  to the values of the enumeration. public enum MyValues { [Description("First value")] First, [Description("Second value")] Second } To retrieve the description from the enum we use a simple extension method. This method returns the value of the DescriptionAttribute if it exists, otherwise the string representation of the enum value is returned. public static string GetDescription(this Enum value) { var fieldInfo = value.GetType().GetField(value.ToString()); var attribute = fieldInfo.GetCustomAttributes(typeof(DescriptionAttribute), false).FirstOrDefault() as
2 comments
Read more

Google+ finally for everyone!

There have been a lot of whining on Google from their Apps-users since the launch of  Google+  for everyone with a regular Google-account. The Apps-users have not been able to use  Google+ , until now! (actually  october 27 ) As usual I am impressed with most of the things Google accomplishes, but now when all of their services have gotten a visual and functional touchup I am getting really impressed. As someone at an early stage pointed out it is really sweet of Google to play naive and let me fill in my profile information when I create my profile (as if Google did not already know), but after a few clicks I am on the go. My albums from Picasa is automatically integrated and even the pictures I have uploaded to this blog is shown in  Google+ . But what happens next? Practically no one of my friends are on  Google+  so what do I use it for? I guess we will see. Hopefully there will be even more integration between the social networks in the future. I am anyhow very satified with
1 comment
Read more