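/// <summary>
/// Prints the name of every domain in the current forest, then lists the accounts
/// in the last enumerated domain whose <c>lockoutTime</c> still falls inside that
/// domain's lockout window (or any non-zero <c>lockoutTime</c> when the policy
/// reports an indefinite lockout, i.e. <see cref="System.TimeSpan.MaxValue"/>).
/// Output goes to the console as "name locked out at time".
/// </summary>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the current forest reports no domains, so there is no domain context to query.
/// </exception>
public void FindLockedAccounts()
{
    System.DirectoryServices.ActiveDirectory.DirectoryContext context = null;

    // Forest/Domain wrap directory connections, so release them deterministically.
    using (System.DirectoryServices.ActiveDirectory.Forest forest =
        System.DirectoryServices.ActiveDirectory.Forest.GetCurrentForest())
    {
        foreach (System.DirectoryServices.ActiveDirectory.Domain thisDomain in forest.Domains)
        {
            string domainName = thisDomain.Name;
            System.Console.WriteLine(domainName);

            // Only the context of the last domain survives the loop; the search
            // below therefore covers that single domain (existing behaviour, kept).
            context = new System.DirectoryServices.ActiveDirectory.DirectoryContext(
                System.DirectoryServices.ActiveDirectory.DirectoryContextType.Domain, domainName);
        }
    }

    // Without this guard an empty forest would surface as an ArgumentNullException
    // from Domain.GetDomain(null), which hides the real cause.
    if (context == null)
    {
        throw new System.InvalidOperationException("The current forest reports no domains to query.");
    }

    using (System.DirectoryServices.ActiveDirectory.Domain domain =
        System.DirectoryServices.ActiveDirectory.Domain.GetDomain(context))
    using (System.DirectoryServices.DirectoryEntry root = domain.GetDirectoryEntry())
    {
        // DomainPolicy is defined elsewhere in this project; it exposes the domain's
        // lockout duration, with TimeSpan.MaxValue meaning "locked until an admin unlocks".
        DomainPolicy policy = new DomainPolicy(root);

        // Default filter: any account that has ever been locked (lockoutTime is 0 or
        // absent once an account is unlocked).
        string qry = "(lockoutTime>=1)";

        System.TimeSpan duration = policy.LockoutDuration;
        if (duration != System.TimeSpan.MaxValue)
        {
            // Accounts locked earlier than (now - duration) have already auto-unlocked,
            // even though lockoutTime may still hold the old value. Compare in UTC
            // FILETIME units because that is what lockoutTime stores.
            System.DateTime lockoutThreshold = System.DateTime.UtcNow.Subtract(duration);
            qry = string.Format("(lockoutTime>={0})", lockoutThreshold.ToFileTimeUtc());
        }

        using (System.DirectoryServices.DirectorySearcher ds =
            new System.DirectoryServices.DirectorySearcher(root, qry))
        {
            // Fetch only the two attributes the loop reads.
            ds.PropertiesToLoad.Add("name");
            ds.PropertiesToLoad.Add("lockoutTime");

            using (System.DirectoryServices.SearchResultCollection src = ds.FindAll())
            {
                foreach (System.DirectoryServices.SearchResult sr in src)
                {
                    // The filter guarantees lockoutTime is present, but guard anyway so a
                    // partial result cannot raise an IndexOutOfRange mid-listing.
                    if (sr.Properties["lockoutTime"].Count == 0 || sr.Properties["name"].Count == 0)
                    {
                        continue;
                    }

                    long ticks = (long)sr.Properties["lockoutTime"][0];
                    System.Console.WriteLine("{0} locked out at {1}",
                        sr.Properties["name"][0],
                        System.DateTime.FromFileTime(ticks));
                }
            }
        }
    }
}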
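/// <summary>
/// Enables or disables selective authentication on the inbound trust that
/// <paramref name="localForest"/> holds with <paramref name="targetForest"/>.
/// With selective authentication enabled, principals from the target forest can only
/// authenticate to resources in the local forest that explicitly grant them the
/// "Allowed to Authenticate" right; disabling it reverts to forest-wide authentication.
/// </summary>
/// <param name="localForest">DNS name of the local forest whose trust is modified.</param>
/// <param name="userName">Account used to bind to the local forest; it must be allowed to modify trusts (the original author specifies a domain admin).</param>
/// <param name="password">Password for <paramref name="userName"/>. It is handed to the directory context as clear text, so do not log it or keep it longer than this call.</param>
/// <param name="targetForest">DNS name of the trusted (target) forest.</param>
/// <param name="enable"><c>true</c> to require selective authentication, <c>false</c> to disable it.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="localForest"/> or <paramref name="targetForest"/> is <c>null</c>.
/// </exception>
public void setSelectiveAuth(string localForest, string userName, string password, string targetForest, bool enable)
{
    // Fail before any directory bind so a bad call does not consume the credentials.
    if (localForest == null)
    {
        throw new System.ArgumentNullException("localForest");
    }
    if (targetForest == null)
    {
        throw new System.ArgumentNullException("targetForest");
    }

    System.DirectoryServices.ActiveDirectory.DirectoryContext context =
        new System.DirectoryServices.ActiveDirectory.DirectoryContext(
            System.DirectoryServices.ActiveDirectory.DirectoryContextType.Forest,
            localForest, userName, password);

    // Forest owns a directory connection; release it once the trust flag is written.
    using (System.DirectoryServices.ActiveDirectory.Forest forest =
        System.DirectoryServices.ActiveDirectory.Forest.GetForest(context))
    {
        forest.SetSelectiveAuthenticationStatus(targetForest, enable);
    }
}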