2006-12-15 16:09:01
Programming Active Directory with .NET
One thing I had to figure out was how to change an AD user's account expiration date via a web page written in VB.NET. Sounds easy, right? So I logged into the DC, installed the support tools, and opened ADSI Edit. I found a user and went to its properties. I was looking for accountExpirationDate. I found it, but the value was weird. The type was a Large Integer and the value looked to be a bunch of random numbers. After a bit of researching I found that it's a 64-bit integer. But it's not a regular 64-bit integer, it's a special AD 64-bit integer object. What's the difference? Well, you can't directly set the value of this special object like you would if it was a regular integer. Previously, I had to figure out how to decode this number to get a real date. That was difficult. Turns out, there are two properties of this object, HighPart and LowPart. So I researched what I needed to do with these and figured out how to convert those 2 "parts" (each a 32-bit integer) into one date. So great, I can decode it. How about encoding?
I looked for days and found nothing that worked. Finally I found the solution. I don't have to do any math at all. There is a method of a DirectoryEntry that I can call (assuming _strUser contains the username and _strExpDate contains the new expiration date in string format).
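' dvsEndUserADGetObject is a helper not shown on this page; it returns the DirectoryEntry for the user.
Dim adUser As DirectoryServices.DirectoryEntry = dvsEndUserADGetObject(_strUser)
' InvokeSet sets the ADSI AccountExpirationDate property, so no manual 64-bit math is needed.
adUser.InvokeSet("AccountExpirationDate", New Object() {_strExpDate})
adUser.CommitChanges()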
Voilà! So you're probably wondering just what that 64-bit integer actually means. Well, it's the number of 100-nanosecond intervals from January 1, 1601 (http://msdn2.microsoft.com/en-gb/library/ms675098.aspx). Thank you, Microsoft!
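Decoding and encoding the value by hand, as an added example that is not code from the original post: it joins HighPart and LowPart into the 64-bit interval count and converts it to a date and back. The module and function names are illustrative, and the "never expires" values 0 and 0x7FFFFFFFFFFFFFFF are an assumption taken from Microsoft's accountExpires documentation rather than from the text above.

```vbnet
Imports System

Module AccountExpiryDemo
    ' Assumption (accountExpires docs, not the post): 0 and Long.MaxValue mean "never expires".
    Private Const NeverExpires As Long = Long.MaxValue   ' 0x7FFFFFFFFFFFFFFF

    ' Join the two 32-bit halves. LowPart arrives as a signed Integer, so mask it
    ' to its unsigned value; otherwise a set top bit corrupts the upper half.
    Function ToTicks(highPart As Integer, lowPart As Integer) As Long
        Return (CLng(highPart) << 32) Or (CLng(lowPart) And &HFFFFFFFFL)
    End Function

    ' Split a 64-bit value back into the signed halves the AD object exposes.
    Sub ToParts(ticks As Long, ByRef highPart As Integer, ByRef lowPart As Integer)
        highPart = CInt(ticks >> 32)
        Dim low As Long = ticks And &HFFFFFFFFL
        ' Re-express values above Integer.MaxValue as negative so CInt does not overflow.
        lowPart = CInt(If(low > Integer.MaxValue, low - &H100000000L, low))
    End Sub

    ' Convert the interval count (100 ns units since 1601-01-01 UTC) to a date.
    ' Returns Nothing for the "never expires" sentinels, which FromFileTimeUtc
    ' would either map to 1601 (0) or reject as out of range (Long.MaxValue).
    Function ToExpiry(ticks As Long) As Date?
        If ticks = 0 OrElse ticks = NeverExpires Then Return Nothing
        Return DateTime.FromFileTimeUtc(ticks)
    End Function

    Sub Main()
        ' Constructed sample value: 2007-01-01 00:00 UTC as an interval count.
        Dim ticks As Long = New Date(2007, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc()
        Dim hi, lo As Integer
        ToParts(ticks, hi, lo)
        Console.WriteLine("HighPart={0} LowPart={1}", hi, lo)
        Console.WriteLine("Decoded: {0:u}", ToExpiry(ToTicks(hi, lo)))
        Console.WriteLine("Never expires has a date: {0}", ToExpiry(NeverExpires).HasValue)
    End Sub
End Module
```

When auditing which accounts are still valid, treat a `Nothing` result as "no expiry set" rather than as an expired or missing date.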