I m trying to perform some basic AD User managment tasks in C# using .Net 3.5
I ve got a System.DirectoryServices.AccountManagement.UserPrincipal object that contains the user details.
I can call user.ExpirePasswordNow()
and the user will be forced to changed their password at next login (and the "Active Directory Users and Computers" GUI has the "User must change password at next logon" box checked.
However, I want to test the state of this property and act on it - I don t want to just always set it true via the ExpirePasswordNow()
function. How can I do this?
I ve found examples suggesting I access the underlying DirectoryEntry and its pwdLastSet
propperty - but this appears as an inpenetrable System.__ComObject type - it s probably a IADsLargeInteger but I cannot cast to that type due to its "protection level".
I m at a loss - can anyone help?