Skip to main content

System.DirectoryServices.AccountManagement

Ever since .NET 2.0 System.DirectoryServices.Protocols have been a part of the framework and in .NET 3.5 even more directory related classes were added, namely System.DirectoryServices.AccountManagement. That is exactly as it sounds a namespace containing methods for account management.

This fits perfectly for a little project I have chosen to call AD Cleanup Tool. This tool will go through all accounts in a domain to clean up certain account properties, such as naming, password policy etc.

Some older solutions does not work with todays versions of Active Directory, for instance if I want to set the property User must change password at next logon. This has earlier been done by setting the property userAccountControl with the flag ADS_UF_PASSWD_CANT_CHANGE. It is not possible to set that flag anymore, but S.DS.AM gives us an even easier solution:

using(PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.0.1", "DC=domain,DC=com", "domain\\user", "password"))
{
    using(UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, distinguishedName))
    {
        if(userPrincipal.UserCannotChangePassword)
        {
            userPrincipal.UserCannotChangePassword = false;
            userPrincipal.PasswordNeverExpires = false;
            userPrincipal.ExpirePasswordNow();
            userPrincipal.Save();
            return true;
        }
    }
}

S.DS.AM builds on S.DS.P, so the usage is similar to the usage of the Protocols classes. A PrincipalContext is created, in this case to the domain controller, and all actions I want to perform is made through this context. Since I only have the distinguishedName of the user above, I get a UserPrincipal using FindByIdentity().

Comments

Popular posts from this blog

Programming AD with C#.NET – part 4

Our transition to the  System.DirectoryServices.Protocols  has in the whole gone very smooth, but there have been some issues with one environment that contains subdomains. Most things are working fine, but writing to a subdomain does not work in the same way as it did before. What is generally bad with the  System.DirectoryServices.Protocols is the documentation, which is practically non-existent. But most things can  be figured out anyway since most classes just are wrappers for the wldap32.dll, which in turn is way better documented. I would like to have as little bindings to a specific server as possible but still be able to access the domain. In the  LdapConnection  it is possible to set the identifier to null and use the executing computer as a starting point to find a domain controller. But sometimes I must know that I am using a Global Catalog, and with more and more RODC in the environment I sometimes must know that I am working against a writeable domain controller.

jQuery file upload with Bootstrap progress bar

Performing an asynchronous file upload from the browser is a common problem with almost as many solutions as there are developers. The following solution is the best fit for my needs, and also works well with most popular browsers. Backwards compatibility is not an issue in this case which is great, because I can use the new technologies as they are supposed to be used. Everything is put together in JSFiddle for a working example . I will continue to explain the parts below... First, the input field needs to be styled as a button. The form tag is only present for us to be able to reset the file input field later on. <form>     <span class="fileUpload btn btn-default">         <span class="glyphicon glyphicon-upload"></span> Upload file         <input type="file" id="uploadFile" />     </span> </form> .fileUpload { position: relative; overflow: hidden; } .fileUpload input { position: a

Google+ finally for everyone!

There have been a lot of whining on Google from their Apps-users since the launch of  Google+  for everyone with a regular Google-account. The Apps-users have not been able to use  Google+ , until now! (actually  october 27 ) As usual I am impressed with most of the things Google accomplishes, but now when all of their services have gotten a visual and functional touchup I am getting really impressed. As someone at an early stage pointed out it is really sweet of Google to play naive and let me fill in my profile information when I create my profile (as if Google did not already know), but after a few clicks I am on the go. My albums from Picasa is automatically integrated and even the pictures I have uploaded to this blog is shown in  Google+ . But what happens next? Practically no one of my friends are on  Google+  so what do I use it for? I guess we will see. Hopefully there will be even more integration between the social networks in the future. I am anyhow very satified with