Fisher Man

Reputation: 487

Change account expiration date in "Active Directory" using UnboundID?

I am trying to change the account expiration date in Windows Active Directory.

I am able to change the Never option in account expiry using the code below.

final Modification mod = new Modification(ModificationType.REPLACE,
        "accountExpires", "9223372036854775807");//Can change the required date with milliseconds

LDAPResult result=connection.modify(userDN, mod);

But if I try to change the account expiry date, the code executes successfully and success is printed in the console, but the date is not changed in AD.

Here is my code to change or extend the account expiry date.

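import java.text.SimpleDateFormat;
import java.util.Date;

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;

// LDAPConnectionObject is the poster's own helper class (not shown here).
public class AccountExpireSetting {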

public void ChangeAccountExpires(String userDN,String password , String dateToChange) throws LDAPException
{
    LDAPConnection connection=null;
    String someDate = null;
    try {
        connection = new LDAPConnectionObject().getConnection();
    } catch (LDAPException e1) {
        e1.printStackTrace();
    }


    try{
        SimpleDateFormat sdf = new SimpleDateFormat("dd.MM.yyyy");
        Date date = sdf.parse(dateToChange);
        System.out.println("Date to MillSeconds : "+date.getTime());
        someDate = String.valueOf(date.getTime());

        Date date1=new Date(date.getTime());
        System.out.println("MillSeconds to Date : "+date1);
    }
    catch(Exception e){
        e.printStackTrace();
    }

    try{

        System.out.println("Going to replace account expires to never");
        final Modification mod = new Modification(ModificationType.REPLACE,
                "accountExpires", someDate);// 9223372036854775807 milliseconds can change the password to never expire
        // 9223372036854775807  

        LDAPResult result=connection.modify(userDN, mod);
        System.out.println("Account expires status : " + result); // Password status : LDAPResult(resultCode=0 (success), messageID=2, opType='modify')
    }catch(LDAPException e) {
        // TODO Auto-generated catch block
        System.out.println("Error in replacing account expires to never");  

        e.printStackTrace();
    }finally
    {
        System.out.println("Closing the connection.");
        connection.close();
    }  
}
public static void main(String[] args) {
    // TODO Auto-generated method stub
    String temp="CN=Anand,OU=Java,OU=Chennai,OU=Department,dc=tstdmn,dc=com";
    try {
        new AccountExpireSetting().ChangeAccountExpires(temp, "password@123","08.06.2014");
    } catch (LDAPException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

}

}

Hope you people will give a better solution.

Upvotes: 1

Views: 4627

Answers (1)

jwilleke

Reputation: 10996

The accountExpires value is not milliseconds but rather the number of 100-nanosecond intervals since January 1, 1601 (UTC).

If a user object in Active Directory has never had an expiration date, the accountExpires attribute is set to a huge number. The actual value is 2^63 - 1, or 9,223,372,036,854,775,807. This is because 64-bit numbers can range from -2^63 to 2^63 - 1, making this the largest number that can be saved as a 64-bit value. Obviously this represents a date so far in the future that it cannot be interpreted. In fact, AccountExpirationDate raises an error if it attempts to read this value. If a user object has an expiration date, and then you remove this date in ADUC by selecting "Never" on the "Account" tab, the GUI sets accountExpires to 0. Thus, the values 0 and 2^63 - 1 both really mean "Never".

For one way to change in Java try looking at this discussion.

-jim

Upvotes: 4
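
The conversion the answer describes, as an added example (not code from the question or the answer): it turns a date into the count of 100-nanosecond intervals since January 1, 1601 (UTC) and decodes a stored value, treating 0 and 2^63 - 1 as "Never". The class and method names are hypothetical, and reading the date as midnight UTC is an assumption; the string returned by `toAccountExpires` is what would go into the `accountExpires` modification.

```java
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Optional;

// Hypothetical helper: converts between java.time.Instant and accountExpires values.
public class AccountExpiresConverter {
    // Seconds from 1601-01-01T00:00:00Z (AD epoch) to 1970-01-01T00:00:00Z (Unix epoch).
    static final long EPOCH_DIFF_SECONDS = 11_644_473_600L;
    static final long TICKS_PER_SECOND = 10_000_000L; // one tick = 100 ns
    static final long NEVER = Long.MAX_VALUE;          // 2^63 - 1

    // Encode an expiry instant as the decimal string stored in accountExpires.
    static String toAccountExpires(Instant expiry) {
        long seconds = Math.addExact(expiry.getEpochSecond(), EPOCH_DIFF_SECONDS);
        long ticks = Math.addExact(Math.multiplyExact(seconds, TICKS_PER_SECOND),
                                   expiry.getNano() / 100);
        if (ticks <= 0) {
            throw new IllegalArgumentException("expiry must be after 1601-01-01 UTC");
        }
        return Long.toString(ticks);
    }

    // Decode a stored value; empty means "Never" (0 or 2^63 - 1).
    static Optional<Instant> fromAccountExpires(String value) {
        long ticks = Long.parseLong(value.trim());
        if (ticks < 0) throw new IllegalArgumentException("negative accountExpires");
        if (ticks == 0 || ticks == NEVER) return Optional.empty();
        long seconds = ticks / TICKS_PER_SECOND - EPOCH_DIFF_SECONDS;
        long nanos = (ticks % TICKS_PER_SECOND) * 100;
        return Optional.of(Instant.ofEpochSecond(seconds, nanos));
    }

    public static void main(String[] args) {
        // Same input string and pattern as the question; midnight UTC is an assumption.
        LocalDate day = LocalDate.parse("08.06.2014", DateTimeFormatter.ofPattern("dd.MM.yyyy"));
        Instant expiry = day.atStartOfDay(ZoneOffset.UTC).toInstant();
        String millis = Long.toString(expiry.toEpochMilli()); // what the question's code sends
        String ticks = toAccountExpires(expiry);              // 100 ns intervals since 1601

        System.out.println("epoch millis:            " + millis);
        System.out.println("millis decoded as ticks: " + fromAccountExpires(millis));
        System.out.println("accountExpires value:    " + ticks);
        System.out.println("value decoded:           " + fromAccountExpires(ticks));
        System.out.println("0 is Never:              " + !fromAccountExpires("0").isPresent());
        System.out.println("2^63 - 1 is Never:       "
                + !fromAccountExpires(Long.toString(NEVER)).isPresent());
    }
}
```

Decoding the millisecond value as ticks shows the instant that number represents on the 1601-based scale, which is not the date that was parsed.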
