我有一个使用Active Directory进行身份验证的Web应用程序.我想添加一个选项,在密码即将到期时通知用户.

我设法做了一些事情,但我遇到的问题是到期天数是负数(daysLeft参数),但我仍然可以登录.

string domainAndUsername = @"LDAP://ldapUrl";

DirectoryEntry root = new DirectoryEntry(ldapServer, userID, userPwd, AuthenticationTypes.Secure);
DirectorySearcher mySearcher = new DirectorySearcher(root);
SearchResultCollection results;

string filter = "maxPwdAge=*";
mySearcher.Filter = filter;

results = mySearcher.FindAll();

long maxDays = 0;
if (results.Count >= 1)
{
    Int64 maxPwdAge = (Int64)results[0].Properties["maxPwdAge"][0];
    maxDays = maxPwdAge / -864000000000;
}

mySearcher = new DirectorySearcher(root);
mySearcher.Filter = "(&(objectCategory=user)(samaccountname=" + userID + "))";

results = mySearcher.FindAll();
long daysLeft = 0;
if (results.Count >= 1)
{
    var lastChanged = results[0].Properties["pwdLastSet"][0];
    daysLeft = maxDays - DateTime.Today.Subtract(
        DateTime.FromFileTime((long)lastChanged)).Days;
}

由于用户无法登录,如果帐户已过期,我猜我的错误是计算帐户到期之前的剩余天数…但我似乎无法找到它的位置.

最佳答案 这个片段工作正常,我还有三天要改变我的pw,包括今天：

    public static void Main(string[] args)
    {
        const ulong dataFromAD = 0xFFFFE86D079B8000;
        var ticks = -unchecked((long)dataFromAD);
        var maxPwdAge = TimeSpan.FromTicks(ticks);

        var pwdLastSet = new DateTime(2015,12,16,9,19,13);

        var pwdDeadline = (pwdLastSet + maxPwdAge).Date;

        Console.WriteLine(pwdDeadline);

        Console.WriteLine(pwdDeadline - DateTime.Today);

        Console.ReadKey(true);
    }

我还验证了TimeSpan.FromTicks( – (long)results [0] .Properties [“maxPwdAge”] [0])和DateTime.FromFileTime((long)results [0] .Properties [“pwdLastSet”] [0])表达式正确地从我们的AD中提取值.