Reputation: 113
I'm having this issue where I can't retrieve an AD attribute via DirectoryEntry.
I can get it via DirectorySearcher, but I'm unable to get or set it via DirectoryEntry.
The attribute needed is ms-Mcs-AdmPwdExpirationTime, which contains an NT TimeStamp. I have read and write to this attribute.
DirectoryEntry
C# error in console
Error HRESULT E_FAIL has been returned from a call to a COM component
I've tried using the following yet still unable to retrieve the attribute.
RefreshCache (string[] propertyNames);
EDIT:
    ComputerPrincipal comp = ComputerPrincipal.FindByIdentity(ctx, MachineName);
    DirectoryEntry de = (DirectoryEntry)comp.GetUnderlyingObject();
    if (de.Properties.Contains("ms-Mcs-AdmPwd") == true)
    {
        string Password = (String)de.Properties["ms-Mcs-AdmPwd"][0];
        Password_Input.Text = Password;
        DateTime NTTime = DateTime.FromFileTime(ConvertLargeIntegerToLong(de.Properties["ms-Mcs-AdmPwdExpirationTime"].Value));
        PasswordExpiry_Value.Text = NTTime.ToString("dd/MM/yyyy hh:mm:ss");
        Console.WriteLine();
    }
    else
    {
        Password_Input.Text = "Password not set by LAPS";
    }

    // down the bottom of the .cs
    private static long ConvertLargeIntegerToLong(object largeInteger)
    {
        var type = largeInteger.GetType();
        var highPart = Convert.ToInt32(type.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null));
        var lowPart = Convert.ToInt32(type.InvokeMember("LowPart", BindingFlags.GetProperty, null, largeInteger, null));
        return (long)highPart << 32 | (uint)lowPart;
    }
Upvotes: 0
Views: 664
Reputation: 507
For setting properties in the past I've used this for directoryentries.
Path is the full LDAP path to the object, but you can substitute de in your example above.
Hopefully that's enough to resolve your issue or at least point you in a direction.
There's also some other answers here on why you might be getting that error.
And here
    public Boolean set_AD_property(string attribute_, string new_value)
    {
        this.AD_object = new DirectoryEntry(this.path_);
        this.AD_object.Properties[attribute_].Value = new_value;
        try
        {
            this.AD_object.CommitChanges();
            this.AD_object.Close();
            return true;
        }
        catch (System.Exception)
        {
            return false;
        }
    }
And for reading:
    public object get_AD_property(string attribute_)
    {
        try
        {
            using (this.AD_object = new DirectoryEntry(this.path_))
            {
                return this.AD_object.Properties[attribute_].Value;
            }
        }
        catch (ArgumentNullException x)
        {
            return new ArgumentNullException(x.Message, x);
        }
    }
Although this won't work for more complex properties like "members" or "memberOf".
Upvotes: 1
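The large-integer handling that the question's code applies to ms-Mcs-AdmPwdExpirationTime, as an added example that is not code from either poster: it reads the attribute null-safely and converts the HighPart/LowPart pair to a UTC DateTime without throwing on out-of-range values. It assumes a reference to System.DirectoryServices; the class LapsExpiry and its method names are hypothetical, and the timestamp in Main is constructed. It illustrates the conversion only and is not presented as a fix for the E_FAIL error.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

static class LapsExpiry
{
    const string Attr = "ms-Mcs-AdmPwdExpirationTime";

    // Join the two 32-bit halves of an ADSI large integer. LowPart is cast to
    // uint so a set top bit does not sign-extend into the upper half.
    public static long Combine(int highPart, int lowPart) =>
        ((long)highPart << 32) | (uint)lowPart;

    // FILETIME (100 ns ticks since 1601-01-01 UTC) to DateTime; null when the
    // value is outside the range DateTime.FromFileTimeUtc accepts.
    public static DateTime? ToUtc(long fileTime)
    {
        if (fileTime < 0 || fileTime > DateTime.MaxValue.ToFileTimeUtc()) return null;
        return DateTime.FromFileTimeUtc(fileTime);
    }

    // Read the raw value from a bound entry; null when the attribute is unset
    // or is not returned to the caller.
    public static long? Read(DirectoryEntry de)
    {
        de.RefreshCache(new[] { Attr });
        object raw = de.Properties[Attr].Value;
        if (raw == null) return null;
        Type t = raw.GetType();
        int high = Convert.ToInt32(t.InvokeMember("HighPart", BindingFlags.GetProperty, null, raw, null));
        int low = Convert.ToInt32(t.InvokeMember("LowPart", BindingFlags.GetProperty, null, raw, null));
        return Combine(high, low);
    }

    static void Main()
    {
        // Constructed sample: 2024-01-01 00:00:00 UTC, split the way ADSI returns it.
        long sample = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        int high = (int)(sample >> 32);
        int low = unchecked((int)sample);
        Console.WriteLine(ToUtc(Combine(high, low))?.ToString("dd/MM/yyyy HH:mm:ss"));
        // An out-of-range value is reported as null instead of throwing.
        Console.WriteLine(ToUtc(long.MaxValue).HasValue);
    }
}
```

The format string uses HH (24-hour) so the displayed expiry is unambiguous, and the conversion stays in UTC so the result does not depend on the machine's time zone.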