DirectoryServices DirectoryEntry get pwdLastSet property c#

Question

I am trying to make a bool property that would toggle the pwdLastSet property.

public bool UserMustChangePassword
{
    get { return (long)Entry.Properties["pwdLastSet"].Value == 0; }
    set
    {
        if (value) 
        {
            Entry.Properties["pwdLastSet"].Value = 0; 
        }
        else 
        { 
            Entry.Properties["pwdLastSet"].Value = -1; 
        }
    }                                                                                   
}

I can set the property successfully however I cant read the property. I keep getting the following casting error.

System.InvalidCastException: 'Specified cast is not valid.'

Is there a specific way to read this property. I know it may be possible to UserPrincipal, however I would like to use DirectoryEntry to keep the code consistent.

Edit: check null before casting

public bool UserMustChangePassword
{
    get
    {
        var value = Entry.Properties["pwdLastSet"].Value;

        if (value != null)
            return (long)Entry.Properties["pwdLastSet"].Value == 0;

        return false;
    }
    set
    {
        if (value) 
        {
            Entry.Properties["pwdLastSet"].Value = 0; 
        }
        else 
        { 
            Entry.Properties["pwdLastSet"].Value = -1; 
        }
    }                                                                                   
}

Need a null check in the getter, you cannot cast null to long. — kennyzx, Feb 14 '18 at 00:16
@kennyzx I had thought about that. Unfortunately I still get the same error. I also cannot cast it to a (long?) — Dblock247, Feb 14 '18 at 00:33
And what is the type of the Value property? Can it be something other than a long? — kennyzx, Feb 14 '18 at 00:36
@kennyzx thats the problem I am not exactly sure. I found that information https://stackoverflow.com/questions/18614810/how-to-convert-active-directory-pwdlastset-to-date-time — Dblock247, Feb 14 '18 at 00:42
You can print its type information using GetType method or typeof operator, to be sure — kennyzx, Feb 14 '18 at 00:50
I notice in the post you provided, the property is accessed using index like [0], could you try it? — kennyzx, Feb 14 '18 at 01:03
@kennyzx yea I tried that it doesn't work. The reason they do that is because they run a search and get back a SearchResultCollection which they index into. I have there raw DirectoryEntry so I have to access the property directly. — Dblock247, Feb 14 '18 at 01:09
@Dblock247 - Can you share the extra code where `Entry` has been initialised? It is tough to identify the actual cause with the limited code. — Am_I_Helpful, Feb 14 '18 at 09:40

kennyzx · Answer 1 · 2018-02-14T01:41:08.167

0

You need to check its Count property to make sure there is a value. Try this,

if (Entry.Properties["pwdLastSet"].Count > 0)
{
    return (Entry.Properties["pwdLastSet"][0] == 0)
}
else 
    return false;

Edit:

Seems the problem comes from that you are querying Properties of DirectoryEntry instead of SearchResult. See this question. I have a copy of working code that is also querying SearchResult.

edited Feb 14 '18 at 01:41

answered Feb 14 '18 at 01:31

kennyzx

12,845
6
39
83

I think the problem is the casting type. The count > 0. – Dblock247 Feb 14 '18 at 01:48
1

A System.DirectoryServices.DirectoryEntry instance does not have a pwdLastSet property. Have to get a SearchResultCollection and then loop through each SearchResult instance, and then get the pwdLastSet property, right? – kennyzx Feb 14 '18 at 02:13
No I am setting it just fine. The issue is getting the value. It maybe be something to do with AD INTEGER8 types to .NET Int64. see third post here: https://bytes.com/topic/visual-basic-net/answers/370827-getting-pwdlastset-attrib-value-though-net – Dblock247 Feb 14 '18 at 02:36
I don't know what the issue was but I found out that setting the passwordExpired flag does the same thing and I already have ways to use bitwise operators to set the flags. @kennyzx thanks for your help – Dblock247 Feb 14 '18 at 03:08
Okay, np, it should be a simple issue of missing value and/or invalid type casting, glad you have found a workaround. – kennyzx Feb 14 '18 at 03:12
Just for any one who see this I think I was awrong about the passwordExpired flag. Athough it should do what I expected I believe it can only be set by the system. Every time I change it when a save the object it removes the flag. So instead I use a method called ExpirePasswordNow() (Yea I stole the name from UserPrinciple). Where I can just set the property = 0 which sets the flags. – Dblock247 Feb 14 '18 at 13:50

DirectoryServices DirectoryEntry get pwdLastSet property c#

1 Answers1