Determine if user's password is expired on AD

Question

User412374996 posted
Hi. Is there a way via ASP.NET 2.0 to determine if the user's AD password has expired? Thank you.

Answer 1

User-1513591455 posted

Yes - but you will need a login into AD itself to get those properties, and the use of AD classes.

Since the login is usually high level, it isn't recommended for web sites - you might want to write a service on the AD server that allows certain calls such as one to ask the simple question - has this "domain\user" expired and return a bool

A user AD item contains a number of flags, including the one you want.

Answer 2

User412374996 posted
Thanks, sbyard. I've got the read-only account to the AD to pull the necessary info -- just don't know how to get to the flag that indicates the user's password has expired or not.

Answer 3

User-1513591455 posted

You need to use the following class to get to where you want to go.

System.DirectoryServices.DirectoryEntry 

I have written directory entry browsers in the past, but cannot put my hand on the old code at the moment - there are plenty of examples out there - just search on DirectoryEntry!