Thursday, April 12, 2007 5:31 AM bart

Account management in Orcas - System.DirectoryServices.AccountManagement

"Orcas" includes a new framework for account management in Active Directory. This post shows a little sample on how to use it. First, add a reference to the System.DirectoryServices.AccountManagement.dll assembly from %windir%\Microsoft.NET\Framework\v3.5.20209:

Next, take a look at the following little piece of code. It connects to the domain in line 13 (the same domain as the machine I'm running on, indicated with the null value of the second parameter); other overloads exist if you need to connect to another domain with other credentials etc. Next, we validate the password of a user called Bart (see line 14) who lives in a OU called demo (see line 13). The password happens to be wrong, causing a bad password attempt to be recorded. In line 17, we obtain all the accounts with a bad password attempt in the last second, so Bart will be in. Next, in the loop, we expire Bart's password for the sake of the demo (line 20). Finally in lines 23 and 24, Bart is retrieved again (using another factory method on UserPrincipal) and his password is reset. This time authentication succeeds (line 26).

Fun with passwords - Copy Code
1 using System; 2 using System.DirectoryServices.AccountManagement; 3 4 namespace Demo 5 { 6 class Program 7 { 8 static void Main(string[] args) 9 { 10 string badPwd = "ThisIsABadPassword"; 11 string newPwd = "As you can see, this is a new passphrase!"; 12 13 PrincipalContext ctx = new PrincipalContext(ContextType.Domain, null, "OU=demo,DC=linqdemo,DC=local"); 14 bool b = ctx.ValidateCredentials("Bart", badPwd); 15 if (!b) 16 Console.WriteLine("Invalid password"); 17 foreach (var p in UserPrincipal.FindByBadPasswordAttempt(ctx, DateTime.Now.Subtract(TimeSpan.FromSeconds(1)), MatchType.GreaterThanOrEquals)) 18 { 19 Console.WriteLine(p.LastBadPasswordAttempt); 20 p.ExpirePasswordNow(); 21 } 22 23 UserPrincipal u = UserPrincipal.FindByIdentity(ctx, IdentityType.Name, "Bart De Smet"); 24 u.SetPassword(newPwd); 25 26 b = ctx.ValidateCredentials("Bart", newPwd); 27 if (b) 28 Console.WriteLine("Correct password"); 29 } 30 } 31 }

Output looks like this over here:

Invalid password
4/12/2007 12:28:23 PM
Correct password

Other interesting classes to look at include ComputerPrincipal and GroupPrincipal, together with their static methods for fast querying of the directory. Furthermore, each of those classes exposes a bunch of nice and useful properties to set various properties and a method called Save to apply changes.

Have fun!

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Filed under:

Comments

# Merchant Accounts » Account management in Orcas - System.DirectoryServices …

# AccountManagement

Tuesday, May 15, 2007 4:12 PM by Daniel Moth

AccountManagement

# Creating a List of AD Group Memberships « Ramblings of the Sleepy…

Pingback from  Creating a List of AD Group Memberships « Ramblings of the Sleepy…

# http://blogs.bartdesmet.net/blogs/bart/archive/2007/04/12/account-management-in-orcas-system-directoryservices-accountmanagement.aspx

# buy peptides bodybuilding

Friday, February 03, 2017 3:42 AM by buy peptides bodybuilding

Pingback from  buy peptides bodybuilding