如何使用 C++ 在 ActiveDirectory 中获取 maxpwdAge 属性值?

2022-01-07 00:00:00 windows winapi active-directory c++

我正在使用 AD Server,我想获得 ma??xpwdAge 属性 值...

i am working with AD Server,i want to get the maxpwdAge attribute value...

我已经为此尝试了 ADSi,但它出现了问题.

i already try ADSi for that,but it gives an issue.

VARIANT var;
bsNamingContext=L"maxpwdAge";

hr = ADsGetObject(pszADsPath, IID_IADsUser, (void**) &pUser);
if(SUCCEEDED(hr))
{
VariantInit(&var);
hr = pUser->Get(bsNamingContext, &var);  
}

但是,它给出了 -2147463155 (8000500d) 错误...

but,it gives -2147463155 (8000500d) error...

但我使用的是 bsNamingContext=L"cn";它正确地给出了 CN 值...

but i am using bsNamingContext=L"cn"; it gives the CN values correctly...

有人能解决吗?

推荐答案

maxpwdAge 不包含在 user/contact/person LDAP 类中,因此您无法通过这种方式检索它.

maxpwdAge is not included in user/contact/person LDAP class, so you can not retrieve it that way.

您需要从域对象查询,而不是从用户对象

You need to query it from domain object, not user object

试试这个:

Const ONE_HUNDRED_NANOSECOND = .000000100   ' .000000100 is equal to 10^-7
Const SECONDS_IN_DAY = 86400

Set objDomain = GetObject("LDAP://DC=fabrikam,DC=com")     ' LINE 4
Set objMaxPwdAge = objDomain.Get("maxPwdAge")              ' LINE 5

If objMaxPwdAge.LowPart = 0 Then
  WScript.Echo "The Maximum Password Age is set to 0 in the " & _
               "domain. Therefore, the password does not expire."
  WScript.Quit
Else
  dblMaxPwdNano = Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
  dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND   ' LINE 13
  dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)      ' LINE 14
  WScript.Echo "Maximum password age: " & dblMaxPwdDays & " days"
End If

更新:

要将大整数转换为人类可读的值,请使用 IADsLargeInteger 调度接口

To convert large integer to human readable value use IADsLargeInteger dispatch interface

注意 1 : 示例在 VB 中,但由于 COM,您可以轻松地重写它.

Note 1 : Example is in VB, but you can easily rewrite it, because of COM.

注意 2:maxpwdAge 不是按用户配置的,而是按域配置的(直到启用细粒度密码策略)

Note 2 : maxpwdAge is not configured per user, but per domain (until fine-grained password policies are enabled)

进一步阅读:

  • http://msdn.microsoft.com/en-us/library/ms974598.aspx [推荐]
  • http://msdn.microsoft.com/en-us/library/cc220201%28prot.20%29.aspx
  • http://ldapwiki.willeke.com/wiki/AD%20Determining%20Password%20Expiration
  • http://ldapwiki.willeke.com/wiki/Domain%20Wide%20Account%20Policies

相关文章