How to Unit Test the NextPasswordChangeDate Function in Active Directory
I am working intensively on a project using Active Directory. I have set up several unit tests for several things against AD, some of which I achieve with mock objects, some of which I achieve through real calls against AD.
As one of the functions of my project, I have to get a so called "user profile". This user profile is mainly composed of simple attributes like "cn", "company", "employeeid", etc. However, one property that I am trying to fill in is not a simple "NextPasswordChangeDate".
As far as I know, the only way to get this is to get the maxPwdAge domain policy and use that information along with the pwdLastSet.
Now my question is, how can I unit test this in a sane way? I came up with three options, all of which are small:
- Use my own account as the account you are looking for, find out the date in other ways, and copy it into your unit test. This way I can unit test my code well, but every month I need to change the unit test because I changed my password.
- Use some account whose password never expires. It is useless because I cannot verify that my code is correct.
- Use the mock object and make sure the correct API calls are being made. This option allows you to test the correctness of the function's behavior, but then the tested logic is actually in the unit test, and therefore I cannot be sure that it does the right thing even if the test is passed.
Which of the three do you suggest? Or maybe you have a better option?
a source to share
Since 1 and 2 rely on existing ADs and have known values, I prefer the integration tests.
I tend to believe that any non-deterministic behavior should be coupled and, if possible, mocked (3). As you noted, this will always leave an amount of real implementation code that cannot be verified per unit, but will then be covered by your integration tests running against a known AD system.
a source to share