question

PARTHDESAI-2292 avatar image
0 Votes"
PARTHDESAI-2292 asked PARTHDESAI-2292 commented

How to set maxPwdAge and lockoutduration ?

How to set maxPwdAge and lockoutDuration in windows server 2012 using C# ?

dotnet-csharp
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Castorix31 avatar image
0 Votes"
Castorix31 answered

You can try with Net APIs
This worked for me, but I could only test on my PC (sServerName = empty) =>

 string sServerName = "";
 IntPtr pUMI = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(USER_MODALS_INFO_0)));
 int nRet = NetUserModalsGet(sServerName, 0, ref pUMI);
 if (nRet == 0)
 {
     var umi = (USER_MODALS_INFO_0)Marshal.PtrToStructure(pUMI, typeof(USER_MODALS_INFO_0));
     Console.WriteLine("Max Password Age : {0}", umi.usrmod0_max_passwd_age / (60 * 60 * 24));
    
     umi.usrmod0_max_passwd_age -= (60 * 60 * 24);
     Marshal.StructureToPtr(umi, pUMI, false);
     uint nError = 0;
     nRet = NetUserModalsSet(sServerName, 0, pUMI, ref nError);
     if (nRet == 0)
     {
         Console.WriteLine("New Max Password Age : {0}", umi.usrmod0_max_passwd_age / (60 * 60 * 24));
     }
     else
     {
         string sErrorMessage = new System.ComponentModel.Win32Exception(nRet).Message;
         System.Windows.Forms.MessageBox.Show("Error : " + nRet.ToString() + Environment.NewLine + sErrorMessage + Environment.NewLine, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
     }
 }
 else
 {
     string sErrorMessage = new System.ComponentModel.Win32Exception(nRet).Message;
     System.Windows.Forms.MessageBox.Show("Error : " + nRet.ToString() + Environment.NewLine + sErrorMessage + Environment.NewLine, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
 }
 Marshal.FreeHGlobal(pUMI);

Declarations :

 [DllImport("NetApi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
 public static extern int NetUserModalsGet(string servername, uint level, ref IntPtr bufptr);
    
 [DllImport("NetApi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
 public static extern int NetUserModalsSet(string servername, uint level, IntPtr bufptr, ref uint parm_err);
    
 [StructLayout(LayoutKind.Sequential)]
 public struct USER_MODALS_INFO_0
 {
     public uint usrmod0_min_passwd_len;
     public uint usrmod0_max_passwd_age;
     public uint usrmod0_min_passwd_age;
     public uint usrmod0_force_logoff;
     public uint usrmod0_password_hist_len;
 }
    
 [StructLayout(LayoutKind.Sequential)]
 public struct USER_MODALS_INFO_1
 {
     public uint usrmod1_role;
     public string usrmod1_primary;
 }
    
 [StructLayout(LayoutKind.Sequential)]
 public struct USER_MODALS_INFO_2
 {
     public string usrmod2_domain_name;
     public IntPtr usrmod2_domain_id;
 }
    
 [StructLayout(LayoutKind.Sequential)]
 public struct USER_MODALS_INFO_3
 {
     public uint usrmod3_lockout_duration;
     public uint usrmod3_lockout_observation_window;
     public uint usrmod3_lockout_threshold;
 }
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TimonYang-MSFT avatar image
0 Votes"
TimonYang-MSFT answered PARTHDESAI-2292 commented

You can use Process to call net accounts to set these properties.

            var process = new Process
             {
                 StartInfo = new ProcessStartInfo()
                 {
                     FileName = "net",
                     Arguments = "accounts /lockoutduration:35",
                     UseShellExecute = false,
                     RedirectStandardOutput = true,
                     CreateNoWindow = true,
                        
                 }
             };
             process.Start();

80339-2.png
80439-3.png

It should be noted that you need to use administrator privileges to set it. When I use non-administrator privileges, there is no error, but the modification is unsuccessful.

Setting maxPwdAge is similar to this, only need to modify Arguments.

net accounts /maxpwage:30


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


2.png (869 B)
3.png (811 B)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I want to set the maxPwdAge using C# where my application is running on another PC which is in domain.
I am using below Code

DirectoryEntry domain = new DirectoryEntry("LDAP://xxxxxxxx", "Administrator", "Admin@123");
domain.Properties["maxPwdAge"].Value = 10;
domai.commitchanges();

But It throws error as below on commitchanges line.

System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning.

 at System.DirectoryServices.DirectoryEntry.CommitChanges()
 at ADSync_ClientPCDemo.SecuritySettings.button2_Click(Object sender, EventArgs e) in E:\MIPL\Active Directory PC\ADSync_ClientPCDemo\ADSync_ClientPCDemo\SecuritySettings.cs:line 83




0 Votes 0 ·

Have you really connected to the server? When the username is longer than 20 or there are some special characters that are not escaped, the same error may be caused.
How can add a user in Active Directory around 30 characters in length
Active Directory update

0 Votes 0 ·