Directory Programming .NET

I know you can find all users whose passwords will expire within a specified number of days (e.g., within the next 10 days), like so:



        public void PrincipalSearchEx4()
        {
            // get today's date
            DateTime dt = DateTime.Today;
            // add 10 days
            DateTime add10dt = dt.AddDays(10);

            // run a query
            PrincipalSearchResult<UserPrincipal> results =
                UserPrincipal.FindByExpirationTime(
                    adPrincipalContext,
                    add10dt,
                    MatchType.LessThanOrEquals);

            Response.Write("users whose passwords expire in 10 days  " + dt.AddDays(10).ToShortDateString());
            foreach (Principal result in results)
            {
                Response.Write("name: " + result.Name.ToString() + "<br>");
            }

        }

But how do you get the users whose passwords will expire exactly 10 days from now? You can't use MatchType.Equals -- seems like a conversion issue with the dateTime.  Any ideas?

Thanks,

Jack

The underlying query has to be a compound LDAP filter like:

(&(pwdLastSet>=xxxxxxxx)(pwdLastSet<=xxxxxxxxxx))

What I'm not sure about is if SDS.AccountManagement has built in query semantics to support this type of filter generation. Equals would not give you the behavior you want as the value must be specified as FILETIME value in the filter which is in 100ns intervals, thus not really catching very many people.

If you need to, you could execute two separate searches and then eliminate the ones that aren't in both. There might be some cool Linq syntax to do that. It would obviously be much more efficient to do this on the server side though.

Sorry I don't have a better idea right off the top of my head. I haven't used many of the FindBy SDS.AM methods in much more than "kicking the tires" mode.