
System.DirectoryServices.AccountManagement

Ever since .NET 2.0, System.DirectoryServices.Protocols has been a part of the framework, and .NET 3.5 added even more directory-related classes, namely System.DirectoryServices.AccountManagement. That is exactly what it sounds like: a namespace containing classes and methods for account management.

This fits perfectly with a little project I have chosen to call AD Cleanup Tool. The tool will go through every account in a domain and clean up certain account properties, such as naming, password policy, etc.

Some older solutions do not work with today's versions of Active Directory, for instance when I want to set the property "User must change password at next logon". Earlier this was done by setting the userAccountControl property with the ADS_UF_PASSWD_CANT_CHANGE flag. It is not possible to set that flag anymore, but S.DS.AM gives us an even easier solution:

using System.DirectoryServices.AccountManagement;

// Returns true when the account was changed, false when it already allowed password changes
static bool ForcePasswordChange(string distinguishedName)
{
    // Server, container and credentials as in the original snippet; replace with real values
    using(PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.0.1", "DC=domain,DC=com", "domain\\user", "password"))
    {
        using(UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, distinguishedName))
        {
            // FindByIdentity returns null when no account has that distinguishedName
            if(userPrincipal != null && userPrincipal.UserCannotChangePassword)
            {
                userPrincipal.UserCannotChangePassword = false;
                userPrincipal.PasswordNeverExpires = false;
                userPrincipal.ExpirePasswordNow();   // sets "User must change password at next logon"
                userPrincipal.Save();
                return true;
            }
        }
    }
    return false;
}

S.DS.AM builds on S.DS.P, so the usage is similar to that of the Protocols classes. A PrincipalContext is created, in this case against the domain controller, and all actions I want to perform are made through this context. Since I only have the distinguishedName of the user above, I get a UserPrincipal using FindByIdentity().
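The same classes can do the domain-wide pass the cleanup tool is meant for. The following is an added example, not the author's AD Cleanup Tool: it uses a PrincipalSearcher with a query-by-example UserPrincipal to find every enabled user whose PasswordNeverExpires or UserCannotChangePassword flag is set, and optionally applies the same fix as the snippet above. The caller supplies the PrincipalContext; the Finding class and the dryRun switch are this example's own.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Added example, not the author's AD Cleanup Tool. Audits every enabled user in the
// context's container and reports the accounts whose flags weaken password policy.
public static class PasswordPolicyAudit
{
    public sealed class Finding
    {
        public string DistinguishedName { get; set; }
        public bool PasswordNeverExpires { get; set; }
        public bool UserCannotChangePassword { get; set; }
    }

    // dryRun = true only reports; dryRun = false also clears the flags and forces
    // a password change at next logon, exactly as the snippet above does.
    public static List<Finding> Run(PrincipalContext context, bool dryRun)
    {
        var findings = new List<Finding>();

        // Query by example: an enabled UserPrincipal with no other properties set
        // matches every enabled user below the container the context was opened on.
        using (var filter = new UserPrincipal(context) { Enabled = true })
        using (var searcher = new PrincipalSearcher(filter))
        using (var results = searcher.FindAll())
        {
            foreach (Principal p in results)
            {
                using (var user = p as UserPrincipal)
                {
                    if (user == null) continue;
                    if (!user.PasswordNeverExpires && !user.UserCannotChangePassword) continue;
                    findings.Add(new Finding
                    {
                        DistinguishedName = user.DistinguishedName,
                        PasswordNeverExpires = user.PasswordNeverExpires,
                        UserCannotChangePassword = user.UserCannotChangePassword
                    });
                    if (dryRun) continue;
                    user.PasswordNeverExpires = false;
                    user.UserCannotChangePassword = false;
                    user.ExpirePasswordNow();
                    user.Save();
                }
            }
        }
        return findings;
    }
}
```

Run it with dryRun = true first and review the list: forcing a password change on a service account breaks whatever logs on with it.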
