How to get the "TimeToLive" property of a group member?

Question

I made a small program to add a user to a group for a while. I want to display the users of the group in the DataGridView. I want to know when the user leaves the group. I can find this out from powershell.

Get-ADGroup -Identity "UG_TS_CISCO" -Properties members -ShowMemberTimeToLive
****************
Members           : {<TTL=204236>,CN=Ilya Evseev,***, <TTL=31412>,CN=Vasyan Pupkin,***}

DirectoryEntry dc = new DirectoryEntry();
DirectorySearcher searcher= new DirectorySearcher(dc);
searcher.Filter = ("(&(objectCategory=group)(cn=UG_TS_CISCO))");

foreach (SearchResult src in searcher.FindAll()) {
    DirectoryEntry groupEntry = src.GetDirectoryEntry();
    object members = groupEntry.Invoke("members", null);

    foreach (object groupMember in (IEnumerable)members)
    {
        DirectoryEntry member = new DirectoryEntry(groupMember);
        dataGridView.Rows.Add(member.Properties["name"][0], member.Properties["sAMAccountName"][0]);

    }
}

But how to get this data from the application using DirectoryServices I can't understand.

Answer 1

According to this, you need to perform the search with the LDAP_SERVER_LINK_TTL LDAP extended control. I don't think DirectorySearcher allows you to add any extended controls manually.

You may have to resort to using LdapConnection and SearchRequest.

There's an example of how to use that in their Introduction to System.DirectoryServices.Protocols article.

To add that extended control, I think this should work (untested):

searchRequest.Controls.Add(new DirectoryControl("1.2.840.113556.1.4.2309", null, false, true));