Пример #1
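        /// <summary>
        /// Queries one domain controller for the lockout state of the account typed into
        /// <c>textBoxUserIDSearch</c> and returns what it found.
        /// </summary>
        /// <param name="server">Domain controller to query; used both for the LDAP search and for the principal lookup.</param>
        /// <returns>
        /// A <c>LockoutData</c> whose <c>user_id</c> is left unset when the search box is empty,
        /// the search helper returns null, or no entry matches. Otherwise <c>user_id</c> is set and
        /// the remaining fields are filled from the search result and the <c>UserPrincipal</c>.
        /// </returns>
        /// <remarks>
        /// The bind credentials are read from <c>textBoxUsername</c> / <c>textBoxPassword</c> and handed
        /// to the <c>AD</c> helpers as plain strings. The account name is operator-supplied, so it is
        /// escaped before being placed into the LDAP filter.
        /// </remarks>
        private LockoutData GetLockoutData(string server)
        {
            string strLoginID       = textBoxUsername.Text;
            string strLoginPassword = textBoxPassword.Text;
            string user_id          = textBoxUserIDSearch.Text;

            LockoutData ld = new LockoutData();

            if (string.IsNullOrEmpty(user_id))
            {
                return ld;
            }

            // The value comes straight from a text box. Without escaping, characters such as
            // '*', '(' and ')' would change the structure of the filter (LDAP filter injection)
            // and the first hit would be reported under the typed name.
            string strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(user_id) + "))";

            string[] props = { "userAccountControl", "pwdLastSet", "msDS-ReplAttributeMetaData" };

            // SearchResultCollection holds unmanaged resources; a null resource is legal in a using statement.
            using (SearchResultCollection results = AD.GetSearchResults(server, strFilter, props, strLoginID, strLoginPassword))
            {
                if (results == null || results.Count == 0)
                {
                    return ld;
                }

                SearchResult result = results[0];

                ld.user_id = user_id;

                if (result.Properties.Contains("userAccountControl"))
                {
                    int userAccountControlValue = (int)result.Properties["userAccountControl"][0];
                    int lockoutBit              = (int)AD.ADS_USER_FLAG_ENUM.ADS_UF_LOCKOUT;

                    // NOTE(review): Active Directory generally does not reflect the lockout bit in the
                    // LDAP userAccountControl attribute, so this is only a provisional value; it is
                    // overwritten from IsAccountLockedOut() below whenever the principal is found.
                    ld.user_state = (userAccountControlValue & lockoutBit) == lockoutBit ? "Locked" : "Not Locked";
                }

                if (result.Properties.Contains("pwdLastSet"))
                {
                    long     lngPasswordChanged = (long)result.Properties["pwdLastSet"][0];
                    DateTime dtmLastSet         = DateTime.FromFileTime(lngPasswordChanged);
                    ld.pwd_last_set = dtmLastSet.ToString();
                    int intDaysOld = (int)(DateTime.Now - dtmLastSet).TotalDays;
                    // Only exactly one day is singular; the previous "> 1" test produced "0 day".
                    string suffix = intDaysOld == 1 ? " day" : " days";
                    ld.password_age = intDaysOld.ToString() + suffix;
                }

                using (PrincipalContext principalContext = AD.GetPrincipalContext(server, strLoginID, strLoginPassword))
                using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, user_id))
                {
                    // FindByIdentity returns null when nothing matches; the LDAP search and this lookup
                    // use different matching rules, so one can succeed while the other does not.
                    if (userPrincipal == null)
                    {
                        return ld;
                    }

                    if (userPrincipal.IsAccountLockedOut())
                    {
                        ld.user_state    = "Locked";
                        ld.bad_pwd_count = userPrincipal.BadLogonCount;

                        // The indexer yields null for an attribute the server did not return.
                        if (result.Properties.Contains("msDS-ReplAttributeMetaData"))
                        {
                            foreach (string property in result.Properties["msDS-ReplAttributeMetaData"])
                            {
                                bool mentionsLockoutTime = property.IndexOf("lockouttime", StringComparison.OrdinalIgnoreCase) >= 0;
                                bool mentionsOriginDsa   = property.IndexOf("pszlastoriginatingdsadn", StringComparison.OrdinalIgnoreCase) >= 0;
                                if (!mentionsLockoutTime || !mentionsOriginDsa)
                                {
                                    continue;
                                }

                                XmlDocument xmlDoc = new XmlDocument();
                                // The XML is directory-supplied; never resolve external entities or DTDs from it.
                                xmlDoc.XmlResolver = null;
                                xmlDoc.LoadXml(property);

                                // Debug output only. SelectSingleNode returns null when the element is missing.
                                XmlNode originNode = xmlDoc.SelectSingleNode("DS_REPL_ATTR_META_DATA/pszLastOriginatingDsaDN");
                                Console.WriteLine("*****************");
                                Console.WriteLine(originNode == null ? null : originNode.InnerText);
                                Console.WriteLine(originNode == null ? null : originNode.Value);
                                Console.WriteLine("*****************");

                                // The originating DC's name is the CN directly above "CN=NTDS Settings" in the DSA DN.
                                string strPattern = "CN=NTDS Settings,CN=(?<servername>[^,]+),";
                                Match  match      = Regex.Match(property, strPattern, RegexOptions.IgnoreCase);
                                if (match.Success)
                                {
                                    ld.orig_lock = match.Groups["servername"].Value;
                                }
                            }
                        }
                    }
                    else
                    {
                        ld.user_state = "Not Locked";
                        ld.orig_lock  = "N/A";
                    }

                    ld.lockout_time = userPrincipal.AccountLockoutTime.HasValue
                        ? userPrincipal.AccountLockoutTime.Value.ToLocalTime().ToString()
                        : "N/A";
                    ld.last_bad_pwd = userPrincipal.LastBadPasswordAttempt.HasValue
                        ? userPrincipal.LastBadPasswordAttempt.Value.ToLocalTime().ToString()
                        : "None";

                    // Debug probe: binds directly to the user's entry and reports whether the
                    // replication metadata attribute is visible there. Disposed to release the bind.
                    using (DirectoryEntry blah = AD.GetDirectoryEntry("LDAP://" + server + "/" + userPrincipal.DistinguishedName, strLoginID, strLoginPassword))
                    {
                        Console.WriteLine(blah.Properties.Contains("msDS-ReplAttributeMetaData"));
                    }

                    foreach (var name in result.Properties.PropertyNames)
                    {
                        Console.WriteLine(name.ToString());
                    }
                }
            }

            return ld;
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter assertion (RFC 4515), so that
        /// the value is matched literally and cannot alter the filter's structure.
        /// </summary>
        /// <param name="value">Raw, non-null text to embed in a filter.</param>
        /// <returns>The text with backslash, '*', '(', ')' and NUL replaced by their \XX hex escapes.</returns>
        private static string EscapeLdapFilterValue(string value)
        {
            // The backslash must be handled first, otherwise the escapes added below would be escaped again.
            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }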
Пример #2
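        /// <summary>
        /// Click handler for the Go button: queries every domain controller returned by
        /// <c>GetDomainControllers()</c> for the account in <c>textBoxUserIDSearch</c> and adds
        /// one row per controller to <c>listView1</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The search stops at the first controller for which <c>GetLockoutData</c> returns no
        /// <c>user_id</c>. The controls are re-enabled in a <c>finally</c> block so that a directory
        /// or bind failure thrown during a query cannot leave the form disabled.
        /// </remarks>
        private void buttonGo_Click(object sender, EventArgs e)
        {
            if (string.IsNullOrEmpty(textBoxUserIDSearch.Text))
            {
                return;
            }

            // No site selected: confirm before querying every domain controller.
            if (string.IsNullOrEmpty(comboBoxSite.Text))
            {
                DialogResult ret = MessageBox.Show("Search ALL domain controlers?", "Search All DCs?", MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button2);
                if (ret != DialogResult.Yes)
                {
                    comboBoxSite.Focus();
                    return;
                }
            }

            EnableControls(false);
            try
            {
                // Clear list
                listView1.Items.Clear();

                // Get DC list
                List<MyServer> listServers = GetDomainControllers();

                // Debug output of the controllers about to be queried.
                foreach (MyServer srv in listServers)
                {
                    Console.WriteLine(srv.Name);
                }

                // Loop through DCs in list, querying each server for user info
                foreach (MyServer DC in listServers)
                {
                    // Host part of the FQDN; the whole name when it contains no dot.
                    int    firstDot    = DC.Name.IndexOf('.');
                    string dcShortName = firstDot >= 0 ? DC.Name.Substring(0, firstDot) : DC.Name;

                    LockoutData data = GetLockoutData(DC.Name);
                    if (string.IsNullOrEmpty(data.user_id))
                    {
                        MessageBox.Show("Could not find data for:  " + textBoxUserIDSearch.Text, "Not found", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                        return;
                    }

                    ListViewItem lvi = new ListViewItem(DC.Name);
                    lvi.SubItems.Add(dcShortName);
                    lvi.SubItems.Add(data.user_id);
                    lvi.SubItems.Add(DC.SiteName);
                    lvi.SubItems.Add(data.user_state);
                    lvi.SubItems.Add(data.bad_pwd_count.ToString());
                    lvi.SubItems.Add(data.last_bad_pwd);
                    lvi.SubItems.Add(data.pwd_last_set);
                    lvi.SubItems.Add(data.lockout_time);
                    lvi.SubItems.Add(data.orig_lock);
                    lvi.SubItems.Add(data.password_age);

                    listView1.Items.Add(lvi);
                }
            }
            finally
            {
                // Runs on normal completion, on the early "not found" return and when a query throws.
                EnableControls(true);
            }
        }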