Skip to main content

System.DirectoryServices.AccountManagement

Ever since .NET 2.0 System.DirectoryServices.Protocols have been a part of the framework and in .NET 3.5 even more directory related classes were added, namely System.DirectoryServices.AccountManagement. That is exactly as it sounds a namespace containing methods for account management.

This fits perfectly for a little project I have chosen to call AD Cleanup Tool. This tool will go through all accounts in a domain to clean up certain account properties, such as naming, password policy etc.

Some older solutions does not work with todays versions of Active Directory, for instance if I want to set the property User must change password at next logon. This has earlier been done by setting the property userAccountControl with the flag ADS_UF_PASSWD_CANT_CHANGE. It is not possible to set that flag anymore, but S.DS.AM gives us an even easier solution:

using(PrincipalContext context = new PrincipalContext(ContextType.Domain, "192.168.0.1", "DC=domain,DC=com", "domain\\user", "password"))
{
    using(UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, distinguishedName))
    {
        if(userPrincipal.UserCannotChangePassword)
        {
            userPrincipal.UserCannotChangePassword = false;
            userPrincipal.PasswordNeverExpires = false;
            userPrincipal.ExpirePasswordNow();
            userPrincipal.Save();
            return true;
        }
    }
}

S.DS.AM builds on S.DS.P, so the usage is similar to the usage of the Protocols classes. A PrincipalContext is created, in this case to the domain controller, and all actions I want to perform is made through this context. Since I only have the distinguishedName of the user above, I get a UserPrincipal using FindByIdentity().

Comments

Popular posts from this blog

LEAP Sweden - Identity & Access Management

Today was the third day of the Swedish Lead Enterprise Architect Program at Microsoft in Kista. It has been a day filled with sessions on security and identity with a kind of unavoidable focus on federated identities in the cloud. Overall it has been an awesome day with seminars from Henrik Nilsson , Barry O'Reilly and Sergio Molero among others. A lot of Microsoft technologies was mentioned, Forefront Identity Manager , Active Directory Federation Services 2.0 , Forefront Unified Access Gateway , Direct Access ,  Windows Identity Framework and of course  Azure Access Control Service . Microsoft really has a great suite of applications regarding Identity & Access Management. I just wish there was a project or two where I could utilize all of these amazing technologies. I have had a plan to add a login feature to the Cornball using federated identities, so that might happen in the near future. Besides, Björn Eriksen provided a tip for all of us thursty for e...

The Cornball goes to Brunch with Chaplin

Lately I've been working pretty hard on different projects but not really stumbling upon anything blogworthy. The most recent project is quite interesting though, a single page, touch friendly, web application using the latest and greatest technologies. We've ended up with using Brunch with Chaplin , which is a very neat way of setting up a Backbone based single page web project with Brunch and Chaplin . Aside from this, I have my own little project that has lived on for almost 15 years already, The Cornball . From being a plain Windows application written i C an Win32 API, it has been ported to .NET using WPF, and is currently a Silverlight application hosted on Windows Azure. I could not find a better time to reanimate this project and create a new web based version, touch friendly, super optimized, awesome in any way. So I did... So please follow my journey at Github . It's going to take a while, I assure you, but I already have some ground work done. Meanwhile,...

Using ASP.NET MVC with MEF

I wrote this post almost a year ago, but never published it for some reason. Anyway, here is a little MVC/MEF magic. By default a controller in MVC must have a parameterless constructor. When using MEF a good practice is to inject the services via constructor parameters. These two in combination obviously creates an issue where the following scenario will not work out of the box, since there is no parameterless constructor for  MVC  to use. Note that the PartCreationPolicy is set to NonShared since a new controller have to be initialized for each request. [Export] [PartCreationPolicy(CreationPolicy.NonShared)] public class HomeController : Controller {     private readonly IServiceClient _service;     [ImportingConstructor]     public HomeController(IServiceClient service)     {         _service = service;     }     public ActionResult Index()     {         ...