How to set AccountExpires in VB.NET via a AD DirectoryEntry
I needed to set the accountExpires property in the AD DirectoryEntry couldn't find a simple answer. Found some information;
http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/182bfb6a-8b23-4c96-9379-101a4d91241a
http://www.rlmueller.net/AccountExpires.htm
Saw some articles re ADS****.dll but didn't think I needed to use this method
Dim valueToSet As Date = Now.AddDays(10)
Dim ADSPath As String = "LDAP://cn=..."
Dim de As DirectoryEntry = New DirectoryEntry(ADSPath)
Dim d As TimeSpan = valueToSet.ToUniversalTime - Date.Parse("01/01/1601")
Dim ValueToSetAsString As String = d.Ticks.ToString
' it appears that the ticks value is too large for the value of the directory entry
' converting to a string (18 chars or so) works!
de.Properties("accountexpires").Value = ValueToSetAsString
Thanks to Brian it looks like the large amount of code wrote above can be simplified;
de.Properties("accountexpires").Value = valueToSet.ToFileTime.ToString
A function to return the AccountExpires and other largeInteger issues in VB.NET
Function ConvertADValueToDateTime(ByVal li As Object) As DateTime
' http://bytes.com/topic/visual-basic-net/answers/512901-lastlogontimestamp
Try
Dim lngHigh = li.HighPart
Dim lngLow = li.LowPart
Dim lastLogon = (lngHigh * 2 ^ 32) - lngLow
Dim returnDateTime As DateTime = DateTime.FromFileTime(lastLogon)
Return returnDateTime
Catch ex As Exception
Return Nothing
End Try
End Function
Example use :
Dim d As DateTime = ConvertADValueToDateTime(de.Properties("accountexpires").value)
If d = "01/01/1601" Then
' no expiry date
Return Nothing
Else
Return d
End If
An alternative method
Answer
Something like this will set your account to expire in 30 days:
Dim de As New DirectoryEntry("LDAP://cn=foo,cn=users,dc=contoso,dc=com")
de.Properties["accountExpires"].Value = DateTime.UtcNow.AddDays(30).ToFileTime()
de.CommitChanges()