UserPrincipal AccountLockoutTime 始终为空
UserPrincipal AccountLockoutTime always null
我正在访问 Active Directory 中用户对象的各种属性。我有以下我写的方法。
它适用于除 AccountLockoutTime 之外的所有属性,它始终返回为 null。
public IEnumerable<ActiveDirectoryAccount> GetUserAccounts(string samAccountName)
{
PrincipalContext pricipalContext = new PrincipalContext(ContextType.Domain, "domainname.co.za:3268");
UserPrincipal userPrincipal = new UserPrincipal(pricipalContext);
userPrincipal.SamAccountName = "*" + samAccountName + "*";
PrincipalSearcher principalSearcher = new PrincipalSearcher(userPrincipal);
ICollection<ActiveDirectoryAccount> result = new List<ActiveDirectoryAccount>();
foreach (UserPrincipal userSearchResult in principalSearcher.FindAll())
{
ActiveDirectoryAccount account = new ActiveDirectoryAccount()
{
AccountLockedOut = userSearchResult.IsAccountLockedOut(),
DistinguishedName = userSearchResult.DistinguishedName,
Description = userSearchResult.Description,
Enabled = userSearchResult.Enabled,
GUID = userSearchResult.Guid,
LastLogon = userSearchResult.LastLogon,
LastPasswordSet = userSearchResult.LastPasswordSet,
// The below line always comes back as null
LockoutTime = userSearchResult.AccountLockoutTime,
PasswordNeverExpires = userSearchResult.PasswordNeverExpires,
SAMAccountName = userSearchResult.SamAccountName,
SmartcardLogonRequired = userSearchResult.SmartcardLogonRequired,
UserCannotChangePassword = userSearchResult.UserCannotChangePassword,
UserPrincipalName = userSearchResult.UserPrincipalName
};
if (userSearchResult.GetUnderlyingObjectType() == typeof(DirectoryEntry))
{
using (DirectoryEntry entry = (DirectoryEntry)userSearchResult.GetUnderlyingObject())
{
account.WhenChanged = (DateTime)entry.Properties["whenChanged"].Value;
account.WhenCreated = (DateTime)entry.Properties["whenCreated"].Value;
// Tried the below to get the data as well but no luck.
if (userSearchResult.IsAccountLockedOut())
{
if (entry.Properties["lockoutTime"].Value != null)
{
account.Test = (string)entry.Properties["lockoutTime"].Value;
}
}
}
}
result.Add(account);
}
principalSearcher.Dispose();
return result.ToList();
}
我已经锁定了一个帐户以检查上面的代码是否可以读取 IsAccountLockedOut。它可以 returns 正确。 userSearchResult.AccountLockoutTime 或 (string)entry.Properties["lockoutTime"].Value;
总是 returns null
我检查了 Active Directory 中的锁定时间 属性,当我锁定帐户时,它会为用户帐户填充。
有什么问题吗?
提前致谢。 :)
克里斯
当通过entry.Properties["lockoutTime"].Value获取时,lockoutTime属性是一个支持IADsLargeInteger接口的COM对象。
您可以使用此处的代码获取其值:
[ComImport,
InterfaceType(ComInterfaceType.InterfaceIsIDispatch),
Guid("9068270B-0939-11D1-8BE1-00C04FD8D503")]
public interface IADsLargeInteger
{
int HighPart{get;set;}
int LowPart{get;set;}
}
private DateTime? GetLockoutTime(DirectoryEntry de)
{
DateTime? ret = null;
IADsLargeInteger largeInt = de.Properties["lockoutTime"].Value as IADsLargeInteger;
if (largeInt != null)
{
long ticks = (long)largeInt.HighPart << 32 | largeInt.LowPart;
// 0 means not lockout
if (ticks != 0)
{
ret = DateTime.FromFileTimeUtc(ticks.Value);
}
}
return ret;
}
请注意 lockoutTime 的值是帐户被锁定的时间,而不是 "locked until" 的时间。
我正在访问 Active Directory 中用户对象的各种属性。我有以下我写的方法。
它适用于除 AccountLockoutTime 之外的所有属性,它始终返回为 null。
public IEnumerable<ActiveDirectoryAccount> GetUserAccounts(string samAccountName)
{
PrincipalContext pricipalContext = new PrincipalContext(ContextType.Domain, "domainname.co.za:3268");
UserPrincipal userPrincipal = new UserPrincipal(pricipalContext);
userPrincipal.SamAccountName = "*" + samAccountName + "*";
PrincipalSearcher principalSearcher = new PrincipalSearcher(userPrincipal);
ICollection<ActiveDirectoryAccount> result = new List<ActiveDirectoryAccount>();
foreach (UserPrincipal userSearchResult in principalSearcher.FindAll())
{
ActiveDirectoryAccount account = new ActiveDirectoryAccount()
{
AccountLockedOut = userSearchResult.IsAccountLockedOut(),
DistinguishedName = userSearchResult.DistinguishedName,
Description = userSearchResult.Description,
Enabled = userSearchResult.Enabled,
GUID = userSearchResult.Guid,
LastLogon = userSearchResult.LastLogon,
LastPasswordSet = userSearchResult.LastPasswordSet,
// The below line always comes back as null
LockoutTime = userSearchResult.AccountLockoutTime,
PasswordNeverExpires = userSearchResult.PasswordNeverExpires,
SAMAccountName = userSearchResult.SamAccountName,
SmartcardLogonRequired = userSearchResult.SmartcardLogonRequired,
UserCannotChangePassword = userSearchResult.UserCannotChangePassword,
UserPrincipalName = userSearchResult.UserPrincipalName
};
if (userSearchResult.GetUnderlyingObjectType() == typeof(DirectoryEntry))
{
using (DirectoryEntry entry = (DirectoryEntry)userSearchResult.GetUnderlyingObject())
{
account.WhenChanged = (DateTime)entry.Properties["whenChanged"].Value;
account.WhenCreated = (DateTime)entry.Properties["whenCreated"].Value;
// Tried the below to get the data as well but no luck.
if (userSearchResult.IsAccountLockedOut())
{
if (entry.Properties["lockoutTime"].Value != null)
{
account.Test = (string)entry.Properties["lockoutTime"].Value;
}
}
}
}
result.Add(account);
}
principalSearcher.Dispose();
return result.ToList();
}
我已经锁定了一个帐户以检查上面的代码是否可以读取 IsAccountLockedOut。它可以 returns 正确。 userSearchResult.AccountLockoutTime 或 (string)entry.Properties["lockoutTime"].Value;
我检查了 Active Directory 中的锁定时间 属性,当我锁定帐户时,它会为用户帐户填充。
有什么问题吗?
提前致谢。 :)
克里斯
当通过entry.Properties["lockoutTime"].Value获取时,lockoutTime属性是一个支持IADsLargeInteger接口的COM对象。
您可以使用此处的代码获取其值:
[ComImport,
InterfaceType(ComInterfaceType.InterfaceIsIDispatch),
Guid("9068270B-0939-11D1-8BE1-00C04FD8D503")]
public interface IADsLargeInteger
{
int HighPart{get;set;}
int LowPart{get;set;}
}
private DateTime? GetLockoutTime(DirectoryEntry de)
{
DateTime? ret = null;
IADsLargeInteger largeInt = de.Properties["lockoutTime"].Value as IADsLargeInteger;
if (largeInt != null)
{
long ticks = (long)largeInt.HighPart << 32 | largeInt.LowPart;
// 0 means not lockout
if (ticks != 0)
{
ret = DateTime.FromFileTimeUtc(ticks.Value);
}
}
return ret;
}
请注意 lockoutTime 的值是帐户被锁定的时间,而不是 "locked until" 的时间。