我正在尝试使用Active Directory来获取用户信息。在大多数情况下,它正在发挥作用。问题是我似乎无法获得用户上次登录日期。有人有什么建议吗?我的代码如下:
Public Shared Function GetUsersByUsername(ByVal Username As String) As ADUser
Dim myUser As New ADUser
Dim oroot As DirectoryEntry = New DirectoryEntry("GC://ldap.myCompany.com")
Dim osearcher As DirectorySearcher = New DirectorySearcher(oroot)
Dim result As SearchResult
osearcher.Filter = String.Format("(&(SAMAccountName={0}))", Username)
osearcher.PropertiesToLoad.Add("cn")
osearcher.PropertiesToLoad.Add("SAMAccountName") 'Users login name
osearcher.PropertiesToLoad.Add("givenName") 'Users first name
osearcher.PropertiesToLoad.Add("sn") 'Users last name
osearcher.PropertiesToLoad.Add("mail") 'Email address
osearcher.PropertiesToLoad.Add("accountExpires") 'expiration date
result = osearcher.FindOne
Try
Dim userPath As String() = result.Path.ToString.Split(New Char() {","c})
Dim parsedString As String
Dim User As DirectoryEntry
Dim expirationDate As String
User = result.GetDirectoryEntry()
myUser.UserID = result.Properties("cn").Item(0)
myUser.EmailAddress = result.Properties("mail").Item(0)
myUser.FirstName = result.Properties("givenName").Item(0)
myUser.LastName = result.Properties("sn").Item(0)
expirationDate = result.Properties("accountExpires").Item(0)
If (isAccountLocked(User) = True) Then
myUser.Status = ADUser.AccountStatus.Locked
ElseIf (isAccountEnabled(User) = False) Then
myUser.Status = ADUser.AccountStatus.Disabled
ElseIf (isAccountExpired(expirationDate) = True) Then
myUser.Status = ADUser.AccountStatus.Expired
Else
myUser.Status = ADUser.AccountStatus.Active
End If
parsedString = userPath((userPath.Length - 3))
myUser.Domain = parsedString.Substring(3, parsedString.Length - 3)
Catch ex As Exception
Return Nothing
End Try
Return myUser
End Function
答案 0 :(得分:1)
适合我:
加载属性:
osearcher.PropertiesToLoad.Add("lastLogon")
访问它:
dim myDateInterval = result.Properties("lastLogon").Item(0)
请注意,您将获得间隔值。我认为它是64位的,未签名的。 .NET中有一些转换方法,但它们只采用带符号的64位。还没有检查在问题出现之前的未来几年!
此外,如果你使用DirectoryServices中较新的UserPrincipal,那么它的lastlogon就会出现,它会返回一个可以为空的日期。
答案 1 :(得分:0)
您是否尝试过'lastLogon'LDAP属性?你的代码看起来很好,我猜你只是不确定信息存储在AD中的哪个位置?