Directory Service handle to user account [ASP/C#]

Today i was develop password change portal.
in there i have some problem, that is “Change password when next logon”
So, i research to DirectorService for C#(.NET is same)

Finally found solution.
we need to 2 properties in Directoryentry

Frist pwdLastSet
Second UserAccountControl

pwdLastSet is value is 0, It’s “Change password when next logon” set
But this value only use to set. If you want to “Change password when next logon” unset. just to change password. its more to good.

And Some user account need to check for “LOCK” this value you can check UserAccountControl
this value mean we can know below table.

UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,
UF_NORMAL_ACCOUNT = 0x0200,
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
UF_SERVER_TRUST_ACCOUNT = 0x2000,
UF_DONT_EXPIRE_PASSWD = 0x10000,
UF_SCRIPT = 0x0001,
UF_ACCOUNTDISABLE = 0x0002,
UF_HOMEDIR_REQUIRED = 0x0008,
UF_LOCKOUT = 0x0010,
UF_PASSWD_NOTREQD = 0x0020,
UF_PASSWD_CANT_CHANGE = 0x0040,
UF_ACCOUNT_LOCKOUT = 0X0010,
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
UF_EXPIRE_USER_PASSWORD = 0x800000,

If user account lock UserAccountControl is value is 0x0010

And You can check account state LDAP result.

ERROR_INVALID_PASSWORD = 0x56,
ERROR_PASSWORD_RESTRICTION = 0x52D,
ERROR_LOGON_FAILURE = 0x52e,
ERROR_ACCOUNT_RESTRICTION = 0x52f,
ERROR_INVALID_LOGON_HOURS = 0x530,
ERROR_INVALID_WORKSTATION = 0x531,
ERROR_PASSWORD_EXPIRED = 0x532,
ERROR_ACCOUNT_DISABLED = 0x533,
ERROR_ACCOUNT_EXPIRED = 0x701,
ERROR_PASSWORD_MUST_CHANGE = 0x773,
ERROR_ACCOUNT_LOCKED_OUT = 0x775,
ERROR_ENTRY_EXISTS = 0x2071,

If you want to check more code click to link http://www.lifeasbob.com/code/errorcodes.aspx

Facebook Comments

Leave A Reply

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다.