AD ASP.NET Changing Passwords
We're using ASP.NET MVC and AdMembership provider for login, and for various reasons had to implement our own "Change Password on next Login" functionality.
We also have a NIST requirement of not allowing more than one change per 24 hours, so it's set up that way in AD.
What we need is to ignore that one requirement when resetting a password to default. We want the student to be forced to change the password on the next logon, even if it's before 24 hours.
Here is my stab at it. Basically I want to change the PwdLastSet property to a value more than 24 hours old after we reset the password.
    if ( bSetToDefault )
    {
        var adDate = userToActOn.ADEntry.Properties[ "PwdLastSet" ][ 0 ];
        DateTime passwordLastSet = DateTime.FromFileTime( ( Int64 ) adDate );
        passwordLastSet = System.DateTime.Now.AddHours( -25 );
        long filetime = passwordLastSet.ToFileTimeUtc();
        userToActOn.ADEntry.Properties[ "PwdLastSet" ][ 0 ] = filetime;
    }
But I keep getting null back even when I know the user's password has been changed.
Anyone got any hints or suggestions? Am I looking in the wrong property?
Hmm, this attribute is replicated so should always be available. Try the command line script to see if it shows up:
http://www.rlmueller.net/PwdLastChanged.htm
It's possible because it's a 64-bit date and not doing a conversion? Try the script though and see if it works. If it does, then look at the Integer8Date procedure in it for your date conversion.
If you use System.DirectoryServices.AccountManagement then there is an exposed method for the User Principal to expire the password immediately. So it will be as easy as calling it like such: oUserPrincipal.ExpirePasswordNow();
For more info about using it, please see this article.
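The reset-then-expire sequence this answer points to, written out as an added example that is not part of the original answer or the asker's code. The class and method names and the three parameters are hypothetical; the caller supplies the domain, the account name and the default password.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class PasswordReset
{
    // Hypothetical helper: domainName, samAccountName and defaultPassword are
    // supplied by the caller; none of these names come from the original post.
    public static bool ResetAndForceChange(
        string domainName, string samAccountName, string defaultPassword)
    {
        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        using (var user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
            {
                return false; // no such account in this domain
            }

            try
            {
                // Administrative reset: the old password is not required.
                user.SetPassword(defaultPassword);
            }
            catch (PasswordException ex)
            {
                // Raised when the directory rejects the new password,
                // for example because it fails the domain password policy.
                Console.Error.WriteLine(
                    "Reset rejected for {0}: {1}", samAccountName, ex.Message);
                return false;
            }

            // Marks the password as expired so the user has to choose a new
            // one at the next logon, without writing PwdLastSet by hand.
            user.ExpirePasswordNow();
            return true;
        }
    }
}
```

The account running this code needs the reset-password right on the target user objects.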