locked
Return pwdLastSet property LDAP RRS feed

  • Question

  • User571976127 posted

    Using the code below I am able to query and return the LDAP attributes listed.  However, I am trying to retrieve the pwdLastSet property, which returns a type mismatch error.

    Haven't been able to figure out how to modify this to return this value.

    <%

    Function getADUserInfo(strUID)
    'on error resume next
    strGeneralLookupError = false
    strBase = "<LDAP://DC=MYDOMAIN, DC=local>"
    strFilter = "(sAMAccountName=" & strUID & ")"
    strAttributes = "mail, company, givenName, sn, memberOf, ADsPath, name, sAMAccountName, displayName,
    distinguishedName, badPwdCount, department "
    strScope = "subtree"
    strFullCommand = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
    set rsADUserInfo = Server.CreateObject("ADODB.Recordset")
    set rsADUserInfo = connAD.Execute(strFullCommand)
    if err.number <> 0 then
    strGeneralLookupError = true
    end if
    set getADUserInfo = rsADUserInfo
    set rsADUserInfo = Nothing
    End Function

    Sub getUserData(p_strUserID)
    'on error resume next
    set rsUserData = Server.CreateObject("ADODB.Recordset")
    set rsUserData = getADUserInfo(p_strUserID)
    if not rsUserData.EOF then

    Response.Write("givenName = " & rsUserData("givenName") & "<br />")
    Response.Write("sn = " & rsUserData("sn") & "<br />")
    Response.Write("company = " & rsUserData("company") & "<br />")
    Response.Write("mail = " & rsUserData("mail") & "<br />")
    Response.Write("displayName = " & rsUserData("displayName") & "<br />")
    Response.Write("samaccountname = " & rsUserData("samaccountname") & "<br />")
    Response.Write("distinguishedName = " & rsUserData("distinguishedName") & "<br />")
    Response.Write("badPwdCount = " & rsUserData("badPwdCount") & "<br />")
    Response.Write("department = " & rsUserData("department") & "<br />")

    else
    strADLookupSuccess = false
    end if
    rsUserData.Close
    set rsUserData = Nothing

    End Sub


    ' =--------------------------------------------------------------

    DIM connAD, rsUserData, rsADUserInfo
    DIM strUserGN, strUserSN, strUserOU, strUserEmail, strUser_displayName, strUser_samaccountname,
    strUser_distinguishedName
    DIM strBase, strFilter,strAttributes, strScope, strFullCommand
    DIM strGeneralLookupError, strADLookupSuccess
    DIM strUserID

    strUserGN = "The user can not be found in the system."
    strGeneralLookupError = false
    strADLookupSuccess = true

    set connAD = Server.CreateObject("ADODB.Connection")
    connAD.Provider = "ADsDSOObject"
    connAD.Properties("User ID") = "MYDOMAIN\ldaplogin" ' ### remember to make sure this user has rights to access AD
    connAD.Properties("Password") = "ldappwd"
    connAD.Properties("Encrypt Password") = true
    connAD.Open


    strUserID = "testuser"
    call getUserData(strUserID)

    connAD.Close
    set connAD = Nothing
    %>

    Friday, October 11, 2013 11:28 AM

Answers

  • User1508394307 posted

    Well, this should be easythen. Check this and this

    ' Retrieve user password information.
    ' The pwdLastSet attribute should always have a value assigned,
    ' but other Integer8 attributes representing dates could be "Null".
    If (TypeName(objUser.pwdLastSet) = "Object") Then
        Set objDate = objUser.pwdLastSet
        dtmPwdLastSet = Integer8Date(objDate, lngBias)
    Else
        dtmPwdLastSet = #1/1/1601#
    End If
    
    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for error in IADsLargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        ' Trap error if lngDate is ridiculously huge.
        On Error Resume Next
        Integer8Date = CDate(lngDate)
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Integer8Date = #1/1/1601#
        End If
        On Error GoTo 0
    End Function

    Hope this helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 11, 2013 12:27 PM

All replies

  • User1508394307 posted

    I don't see where you retrieve pwdLastSet. pwdLastSet is an int value, either 0 or -1.

    0 puts the user in "must change password at next login" mode.

    -1 essentially resets the password expiration by telling the DC to change pwdLastSet to the current time.

    So, if you think it is a date and trying to cast to datetime data type then you can get a type mismatch.


    Friday, October 11, 2013 11:38 AM
  • User571976127 posted

    Sorry, I took it out of my code before I pasted it becuase it wasn't working.  I am returning the pwdLastSet property the same way as the others, just adding the field at the end of the srtAttributes line:

    strAttributes = "mail, company, givenName, sn, memberOf, ADsPath, name, sAMAccountName, displayName, distinguishedName, badPwdCount, department, pwdLastSet "

    and writing it below like the others:

    Response.Write("pwdLastSet = " & rsUserData("pwdLastSet") & "<br />")

    It still returns type mismatch.

    In ADSI edit it appears as though pwdLastSet is a date value, not int.  It shows the date and time the password was last changed.  

    Friday, October 11, 2013 11:59 AM
  • User1508394307 posted

    Well, this should be easythen. Check this and this

    ' Retrieve user password information.
    ' The pwdLastSet attribute should always have a value assigned,
    ' but other Integer8 attributes representing dates could be "Null".
    If (TypeName(objUser.pwdLastSet) = "Object") Then
        Set objDate = objUser.pwdLastSet
        dtmPwdLastSet = Integer8Date(objDate, lngBias)
    Else
        dtmPwdLastSet = #1/1/1601#
    End If
    
    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for error in IADsLargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        ' Trap error if lngDate is ridiculously huge.
        On Error Resume Next
        Integer8Date = CDate(lngDate)
        If (Err.Number <> 0) Then
            On Error GoTo 0
            Integer8Date = #1/1/1601#
        End If
        On Error GoTo 0
    End Function

    Hope this helps.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, October 11, 2013 12:27 PM