我使用以下代码获取特定计算机的 LAPS 密码和到期日期:
string computerHostName = "hostname";
string domainController = "domain.lan";
DirectoryContext dirCtx = new DirectoryContext(DirectoryContextType.Domain, domainController);
using (Domain compsDomain = Domain.GetDomain(dirCtx))
using (DirectorySearcher adSearcher = new DirectorySearcher(compsDomain.GetDirectoryEntry()))
{
//this is the search criteria for the domain query
adSearcher.Filter = "(&(objectClass=computer) (cn=" + computerHostName + "))";
adSearcher.SearchScope = SearchScope.Subtree;
adSearcher.PropertiesToLoad.Add("ms-Mcs-AdmPwd");
adSearcher.PropertiesToLoad.Add("ms-Mcs-AdmPwdExpirationTime");
SearchResult searchResult = adSearcher.FindOne();
//Get the LAPS password
Console.WriteLine(searchResult.GetDirectoryEntry().Properties["ms-Mcs-AdmPwd"].Value);
//Should get the LAPS password expiration time
Console.WriteLine(searchResult.GetDirectoryEntry().Properties["ms-Mcs-AdmPwdExpirationTime"].Value);
}
Console.ReadLine();
但是,输出如下所示:
[此处为圈密码]
System.__ComObject
我尝试在线查找,并且已经看到了这个问题和这个问题,但我仍然无法让它工作。如何让脚本正常输出过期时间?
任何帮助都值得赞赏:)
Hans Passant向我推荐了这个链接: 如何将Active Directory pwdLastSet 转换为日期/时间
而不是使用:
Console.WriteLine(searchResult.GetDirectoryEntry().Properties["ms-Mcs-AdmPwdExpirationTime"].Value);
我应该改用:
Console.WriteLine((long)searchResult.Properties["ms-Mcs-AdmPwdExpirationTime"][0]);
正确输出:
132068789141660751