How to set user account flags in Active Directory using C#


The following code helps in setting "user account flags" for an NT User in active directory.

The typical attributes which one tries to set for an NT user for access control are
1. "Password Never Expires"
2. "User cannot change password"
3. "User should modify the pwd on next logon"
4. "Account Disabled"

The code given below helps in acheiving the same.


Note: System.DirectoryServices.Automation needs to be included.

PrincipalContext ctx = new PrincipalContext( ContextType.Domain,"DNS Name");

UserPrincipal principal = UserPrincipal.FindByIdentity(ctx, "domain\\userid");

1. For selecting the checkbox "Password Never Expires"
principal.PasswordNeverExpires = true;
2. For selecting the checkbox "User cannot change password"
principal.UserCannotChangePassword = true;
3. For selecting the checkbox "User should modify the pwd on next logon"
principal.ExpirePasswordNow();
For the above code to function PasswordNeverExpires and UserCannotChangePassword properties should be set to false.
4. For selecting the checkbox " Account Disabled"
principal.Enabled = false;

Data can be updated in AD by using the following statement.
principal.Save();


Comments

No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: