Esempio n. 1
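        /// <summary>
        /// Lists the accounts that are currently locked out in one domain of the current forest
        /// and writes each account name and lockout time to the console.
        /// </summary>
        /// <remarks>
        /// Every domain name in the forest is printed, but the context is overwritten on each
        /// iteration, so only the LAST domain enumerated is actually searched.
        /// The lockout window comes from <c>DomainPolicy.LockoutDuration</c>: when it equals
        /// <see cref="System.TimeSpan.MaxValue"/> any account with a non-zero lockoutTime is
        /// reported; otherwise only accounts locked within the last lockout duration are.
        /// A sudden burst of lockouts across many accounts is worth correlating with
        /// failed-logon events when triaging this output.
        /// </remarks>
        public void FindLockedAccounts()
        {
            System.DirectoryServices.ActiveDirectory.DirectoryContext context = null;

            // Forest holds directory handles; release them as soon as the names are collected.
            using (System.DirectoryServices.ActiveDirectory.Forest forest = System.DirectoryServices.ActiveDirectory.Forest.GetCurrentForest())
            {
                foreach (System.DirectoryServices.ActiveDirectory.Domain thisDomain in forest.Domains)
                {
                    string domainName = thisDomain.Name;
                    System.Console.WriteLine(domainName);

                    // Overwritten each pass: after the loop this refers to the last domain only.
                    context = new System.DirectoryServices.ActiveDirectory.DirectoryContext(System.DirectoryServices.ActiveDirectory.DirectoryContextType.Domain, domainName);
                } // Next thisDomain
            }

            // Bind to the selected domain; Domain and DirectoryEntry are both disposable.
            using (System.DirectoryServices.ActiveDirectory.Domain domain = System.DirectoryServices.ActiveDirectory.Domain.GetDomain(context))
            using (System.DirectoryServices.DirectoryEntry root = domain.GetDirectoryEntry())
            {
                DomainPolicy policy = new DomainPolicy(root);

                // Default filter for when accounts stay locked indefinitely.
                string qry = "(lockoutTime>=1)";

                System.TimeSpan duration = policy.LockoutDuration;

                if (duration != System.TimeSpan.MaxValue)
                {
                    // Work in UTC so the threshold is not skewed by a daylight-saving transition,
                    // and format invariantly because the value is embedded in an LDAP filter.
                    long lockoutThreshold = System.DateTime.UtcNow.Subtract(duration).ToFileTimeUtc();
                    qry = string.Format(System.Globalization.CultureInfo.InvariantCulture, "(lockoutTime>={0})", lockoutThreshold);
                } // End if (duration != System.TimeSpan.MaxValue)

                using (System.DirectoryServices.DirectorySearcher ds = new System.DirectoryServices.DirectorySearcher(root, qry))
                {
                    // Without paging the server silently truncates the result set at its size
                    // limit (1000 entries by default in Active Directory), hiding locked accounts.
                    ds.PageSize = 1000;

                    // Only the two attributes that are printed need to be retrieved.
                    ds.PropertiesToLoad.Add("name");
                    ds.PropertiesToLoad.Add("lockoutTime");

                    using (System.DirectoryServices.SearchResultCollection src = ds.FindAll())
                    {
                        foreach (System.DirectoryServices.SearchResult sr in src)
                        {
                            // lockoutTime is read as a 64-bit file time and shown in local time.
                            long ticks = (long)sr.Properties["lockoutTime"][0];
                            System.Console.WriteLine("{0} locked out at {1}", sr.Properties["name"][0], System.DateTime.FromFileTime(ticks));
                        } // Next sr
                    }     // End Using src
                }         // End Using ds
            }             // End Using domain / root
        }                 // End Sub FindLockedAccounts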
 /// <summary>
 /// This method is used to enable or disable selective authentication for an inbound trust for the localForest
 /// </summary>
 /// <param name="localForest">Local Forest Name</param>
 /// <param name="userName">Domain admin user name for Local Forest</param>
 /// <param name="password">Domain admin password for Local Forest</param>
 /// <param name="targetForest">Target Forest Name</param>
 /// <param name="enable">true to enable selective authentication on the trust, false to disable it</param>
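 public void setSelectiveAuth(string localForest, string userName, string password, string targetForest, bool enable)
 {
     // The explicit credentials are used to bind to localForest; the password is a plain
     // managed string here, so callers should keep it out of logs and error messages.
     System.DirectoryServices.ActiveDirectory.DirectoryContext context = new System.DirectoryServices.ActiveDirectory.DirectoryContext(
         System.DirectoryServices.ActiveDirectory.DirectoryContextType.Forest,
         localForest,
         userName,
         password);

     // Forest is IDisposable; dispose it so the underlying directory handles are released.
     using (System.DirectoryServices.ActiveDirectory.Forest forest = System.DirectoryServices.ActiveDirectory.Forest.GetForest(context))
     {
         // Security-sensitive: passing enable = false turns selective authentication off for
         // the trust with targetForest, widening which of its users may authenticate here.
         // Callers should record who made this change and why.
         forest.SetSelectiveAuthenticationStatus(targetForest, enable);
     }
 }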
 /// <summary>
 /// This method is used to enable or disable selective authentication for an inbound trust for the localForest
 /// </summary>
 /// <param name="localForest">Local Forest Name</param>
 /// <param name="userName">Domain admin user name for Local Forest</param>
 /// <param name="password">Domain admin password for Local Forest</param>
 /// <param name="targetForest">Target Forest Name</param>
 /// <param name="enable">true to enable selective authentication on the trust, false to disable it</param>
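 public void setSelectiveAuth(string localForest, string userName, string password, string targetForest, bool enable)
 {
     // Bind to the local forest with the supplied account. The password travels as an
     // ordinary string, so it must not be written to logs or exception text by callers.
     System.DirectoryServices.ActiveDirectory.DirectoryContext forestContext =
         new System.DirectoryServices.ActiveDirectory.DirectoryContext(System.DirectoryServices.ActiveDirectory.DirectoryContextType.Forest, localForest, userName, password);

     System.DirectoryServices.ActiveDirectory.Forest forest = System.DirectoryServices.ActiveDirectory.Forest.GetForest(forestContext);
     try
     {
         // Changing this flag alters a trust-level access control: with enable = false the
         // trust with targetForest no longer restricts authentication selectively.
         // Treat every call as an auditable configuration change.
         forest.SetSelectiveAuthenticationStatus(targetForest, enable);
     }
     finally
     {
         // Forest implements IDisposable; release its directory resources even on failure.
         forest.Dispose();
     }
 }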