
Is there a way to check whether a user's password has expired in an Active Directory Lightweight Directory Services instance? Specifically, is there a property (hopefully a boolean) that defines whether the password expired, taking into consideration whether the user's password is past expiration date and also whether the user's password is set to expire at all (in which case it should always return false).

We're trying to query Active Directory for this information using the DirectoryEntry API and the PrincipalContext API, but can't figure out where it is stored. Just querying the pwdLastSet won't be enough since we don't have access to the expiration period for the domain, and we want to be able to support the in-place password policy.

rae1

1 Answer


Inspect the userAccountControl attribute.

Michael-O
  • Can you be more explicit? I'm using the DirectoryServices API and this particular attribute is `null`. – rae1 Dec 10 '12 at 13:26
  • This attribute is binary, instruct the search to treat it as such. You will receive an int or a byte array. Please check the documentation of this attribute, you will find the `PASSWORD_EXPIRED` bit. – Michael-O Dec 10 '12 at 13:33
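
An added example, not code from the question or the answer: one way to test the `PASSWORD_EXPIRED` bit through the DirectoryEntry API. It assumes the server exposes the state through the attributes `msDS-UserPasswordExpired` and `msDS-User-Account-Control-Computed`, which are not named on this page; the LDAP path, port and user DN are constructed placeholders.

```csharp
using System;
using System.DirectoryServices;

static class PasswordStatus
{
    // PASSWORD_EXPIRED bit from the documented userAccountControl flag table.
    const int UF_PASSWORD_EXPIRED = 0x800000;

    // Pure bit test, kept separate so it can be checked without a directory.
    public static bool HasExpiredFlag(int flags) => (flags & UF_PASSWORD_EXPIRED) != 0;

    // Returns true/false when the server reports a state,
    // or null when neither attribute comes back for this object.
    public static bool? IsPasswordExpired(DirectoryEntry user)
    {
        // Assumption: these attribute names are not from the page. They are
        // requested by name because they may not be in the default property cache.
        user.RefreshCache(new[]
        {
            "msDS-UserPasswordExpired",
            "msDS-User-Account-Control-Computed"
        });

        // Boolean form, when the directory provides it.
        object expired = user.Properties["msDS-UserPasswordExpired"].Value;
        if (expired is bool b) return b;

        // Flag form: the server evaluates the password policy in effect,
        // so the client does not need the expiration period.
        object computed = user.Properties["msDS-User-Account-Control-Computed"].Value;
        if (computed != null) return HasExpiredFlag(Convert.ToInt32(computed));

        return null;
    }

    static void Main()
    {
        // Constructed placeholder path: adjust host, port and DN to the instance.
        const string path = "LDAP://localhost:50000/CN=jdoe,CN=Users,DC=example,DC=com";
        using (var user = new DirectoryEntry(path))
        {
            bool? expired = IsPasswordExpired(user);
            Console.WriteLine(expired.HasValue
                ? $"Password expired: {expired.Value}"
                : "Server returned no expiry state for this object");
        }
    }
}
```

A `null` result means the server returned neither attribute for the object, which should be handled separately from "not expired" rather than treated as `false`.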