Locked out Account

Locked out Account

Post by QW5kcsOpcy » Sun, 12 Jun 2005 09:53:02


Please i need the next:

I need locked in the account of my user if he is locked out, please i need a
sample in C#.

In MSDN it's the sample for Enabled Disabled account, but that not is.

Thnaks !!

Programa Microsoft .NET Cells
Celula Microsoft .NET UNICAUCA
Comunidad Acadmica Microsoft
Desarrollador 3 Estrellas Microsoft
Ingeniera de Sistemas http://www.yqcomputer.com/

Locked out Account

Post by QW5kcsOpcy » Mon, 13 Jun 2005 22:57:04


I need your help, when the account it's locked out, i need unlock, please, i
need that in c# using DirectoryServices namespace.



Locked out Account

Post by MVP - AD » Wed, 15 Jun 2005 00:50:26

Account lockout is a little complex in AD with LDAP due to the fact that
lockoutTime is not automatically reset as soon as the lockout expires.

However, to get a first approximation of lockout, you can simply check the
lockoutTime attribute to see if it is populated and contains a value > 0.
Most of the time, this will tell you lockout status although it can yield a
false positive.

If you absolutely need it to be right, you need to compare the lockoutTime
value as DateTime with the current time on the DC + the domain lockout
duration (from the domain root).

To read the lockoutTime attribute, the easiest way is to use the
DirectorySearcher, adding "lockoutTime" to PropertiesToLoad. Then, cast the
result back to Int64. If you use the DirectoryEntry, you must unwind the
IADsLargeInteger value which is more work.

HTH for now. I'll try to follow up with a sample later when I have time.
Ryan has a sample showing some of the code you need here:

Joe K.