Active Directory contains a number of attributes which hold date information. This article shows how to generate LDAP filters for these attributes in both VBScript and PowerShell.

Date attributes

This LDAP Filter format can be used for the following attributes:

  • createTimeStamp
  • dsCorePropagationData
  • expirationTime
  • modifyTimeStamp
  • whenChanged
  • whenCreated

VBScript

This will produce a filter like “(whenCreated>=20090826110816.0Z)”. Accuracy depends on the source date: using Date() instead of Now() would result in accuracy to a day (e.g. “(whenCreated>=20090826000000.0Z)”).

PowerShell

As with the VBScript version, this returns a string accurate to seconds. Accuracy can be reduced to a day by using (Get-Date).Date.AddDays(-1), because the Date property drops the time portion.

Integer8 attributes

An Integer8 date is represented by the number of 100-nanosecond intervals since the Microsoft epoch (01/01/1601 00:00:00). This format applies to the following attributes:

  • accountExpires
  • badPasswordTime
  • lastLogon
  • lastLogonTimeStamp
  • lockoutTime
  • pwdLastSet

Note that lastLogoff also uses this format but the value for the attribute is not maintained by Active Directory.

VBScript

This produces a filter like “(&(pwdLastSet<=128957595350000000)(!pwdLastSet=0))”. As with the previous filter, this is accurate to seconds; the accuracy can be modified by changing the source date in the same way as before.

PowerShell
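
The following is an added example, not code from the original post. It builds both kinds of filter described above, a generalized-time string for the date attributes and a 100-nanosecond interval count for the Integer8 attributes, and rejects attribute names outside the two lists so that untrusted input cannot alter the filter. The function name New-LdapDateFilter and the variable names are assumptions made for illustration.

```powershell
# Added example: names below are illustrative, not from the original post.
$GeneralizedTimeAttrs = 'createTimeStamp','dsCorePropagationData','expirationTime',
                        'modifyTimeStamp','whenChanged','whenCreated'
$Integer8Attrs        = 'accountExpires','badPasswordTime','lastLogon',
                        'lastLogonTimeStamp','lockoutTime','pwdLastSet'

function New-LdapDateFilter {
    param(
        [Parameter(Mandatory)][string]$Attribute,
        [Parameter(Mandatory)][ValidateSet('>=','<=')][string]$Operator,
        [Parameter(Mandatory)][datetime]$Date
    )
    # Normalise to UTC first: both formats are expressed in UTC.
    $utc = $Date.ToUniversalTime()

    if ($GeneralizedTimeAttrs -contains $Attribute) {
        # Generalized time, e.g. 20090826110816.0Z
        $value = $utc.ToString('yyyyMMddHHmmss', [cultureinfo]::InvariantCulture) + '.0Z'
        return '({0}{1}{2})' -f $Attribute, $Operator, $value
    }
    if ($Integer8Attrs -contains $Attribute) {
        # 100-nanosecond intervals since 01/01/1601 00:00:00 UTC
        $value = $utc.ToFileTimeUtc()
        # Exclude 0 (never set); fully parenthesised form of (!pwdLastSet=0)
        return '(&({0}{1}{2})(!({0}=0)))' -f $Attribute, $Operator, $value
    }
    # Anything else is refused rather than interpolated into the filter.
    throw "Unsupported attribute '$Attribute'"
}

# Accurate to seconds (use (Get-Date).Date.AddDays(-1) for day accuracy)
$cutoff = (Get-Date).AddDays(-1)
New-LdapDateFilter -Attribute whenCreated -Operator '>=' -Date $cutoff
New-LdapDateFilter -Attribute pwdLastSet  -Operator '<=' -Date $cutoff

# Decode an Integer8 value back to a date to sanity-check a filter
[datetime]::FromFileTimeUtc(128957595350000000)
```

For accountExpires, a ">=" comparison will also match accounts carrying the large "never expires" default discussed in the next section, so that value needs excluding separately.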

accountExpires

Certain attributes, such as accountExpires, have default values that can make filtering using a date string difficult.

The following LDAP filter can be used to return all accounts that are set to expire.

Where 9223372032559810000 is the default attribute value in most cases, and 0 is the default in the rest.

accountExpires exhibits inconsistent behaviour depending on how it is accessed. If using IADsUser.AccountExpirationDate, an account that does not expire is denoted by the date “01/01/1970 00:00:00”. This epoch date differs from the epoch used with the underlying attribute, “01/01/1601 00:00:00”.

1 Comment

  1. Hey Chris,
    Nice post. I always enjoy your code snippets.

    Pber

    P.S. Thanks for adding my site to your blogroll. Quite the honor.
