C# Active Directory and Accounts Locked Out

  • Question

  • I am trying to see if an account is locked out but I can't figure out what I am doing wrong. If anyone has a moment, below is what I am attempting. I know the value I am looking for is 1 or 0, but when I go through the locals and find lockoutTime the value is {System.__ComObject}. Any advice would help.

    long lockedOut;
    
    lockedOut = (long)result.GetDirectoryEntry().Properties["lockoutTime"][0];

    Thursday, January 4, 2018 7:06 PM

All replies

  • Tried using an object as well. No better luck.

    object comObj;
    
    comObj = result.GetDirectoryEntry().Properties["lockoutTime"][0];


    Thursday, January 4, 2018 7:19 PM
  • Hi Quarinteen,

    Thank you for posting here and sorry for the late reply.

    Based on my test, the value of "lockoutTime" property is null. But you could set the Value. Set 0 to unlock.

    Here is the code I used to get the value Empty.

    using System.DirectoryServices;

    static void Main(string[] args)
    {
        string strUserName = "XXXX"; // UserName
        string strPath = "LDAP://DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx";

        DirectoryEntry usr = new DirectoryEntry(strPath);
        DirectorySearcher searcher = new DirectorySearcher(usr);

        // Escape strUserName first if it ever comes from user input
        searcher.Filter = "(SAMAccountName=" + strUserName + ")";
        searcher.CacheResults = false;

        SearchResult result = searcher.FindOne(); // null when no user matches
        var lockedOut = result.Properties["lockoutTime"]; // empty collection when the attribute is not set

        // Unlock("LDAP://DC=xxxx,DC=xxxx,DC=xxxx,DC=xxxx");
    }


    And you could set the lockoutTime value to 0 to unlock the account.

    static void Main(string[] args)
    {
        Unlock("LDAP://DC=XXXX,DC=XXXX,DC=XXXX,DC=XXXX");
    }

    public static void Unlock(string userDn)
    {
        try
        {
            DirectoryEntry uEntry = new DirectoryEntry(userDn);
            uEntry.Properties["LockOutTime"].Value = 0; // unlock account

            uEntry.CommitChanges(); // save the change to the directory

            uEntry.Close();
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            // DoSomethingWith --> E.Message.ToString();
        }
    }

    For more details, you could refer to the article on CodeProject.

    https://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C

    Best Regards,

    Wendy



    Thursday, January 11, 2018 6:32 AM
    Moderator
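
An added example, not code from any poster in this thread: `DirectoryEntry` hands back `lockoutTime` as a COM `IADsLargeInteger` (the `{System.__ComObject}` seen in the question), while `DirectorySearcher` returns it as an `Int64`, and this sketch reads both forms. The names `LockoutCheck`, `EscapeFilter`, `ToLockoutTime` and `GetLockoutTime` are hypothetical, and the LDAP path and account name are supplied by the caller.

```csharp
using System;
using System.DirectoryServices;

static class LockoutCheck
{
    // Escape a value before placing it in an LDAP filter (RFC 4515).
    static string EscapeFilter(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    // Absent or 0 means no lockout is recorded. A non-zero value is the time the
    // lockout happened; the domain's lockout duration may since have expired.
    static DateTime? ToLockoutTime(object raw)
    {
        if (raw == null) return null;
        long fileTime;
        if (raw is long) fileTime = (long)raw;   // SearchResult returns Int64
        else
        {
            dynamic li = raw;   // DirectoryEntry returns a COM IADsLargeInteger
            fileTime = ((long)(int)li.HighPart << 32) | (uint)(int)li.LowPart;
        }
        return fileTime == 0 ? (DateTime?)null : DateTime.FromFileTimeUtc(fileTime);
    }

    static DateTime? GetLockoutTime(string ldapPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(sAMAccountName=" + EscapeFilter(samAccountName) + ")";
            searcher.PropertiesToLoad.Add("lockoutTime");
            SearchResult result = searcher.FindOne();
            if (result == null) throw new ArgumentException("No such user.");
            var values = result.Properties["lockoutTime"];
            return ToLockoutTime(values.Count > 0 ? values[0] : null);
        }
    }

    static void Main(string[] args)
    {
        Console.WriteLine(ToLockoutTime(0L).HasValue);          // constructed value
        Console.WriteLine(ToLockoutTime(131595879600000000L));  // constructed FILETIME
        if (args.Length == 2) Console.WriteLine(GetLockoutTime(args[0], args[1]));
    }
}
```

The `dynamic` branch needs a reference to Microsoft.CSharp; the directory lookup runs only when an LDAP path and an account name are passed as the two arguments.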