How do you read the pwdLastSet LDAP attribute???

dude

Archived from groups: microsoft.public.win2000.active_directory

We've got SOX compliant activities going on recently and I have exported
the pwdLastSet attribute to find out when password was last set for all the
users. However, I get a mysterious code like so: 127656464687151954

Using an AD tool, I can tell that's 7/12/2005 7:54:28 AM, but I certainly
can't pull up every single user's property to do that, hence the export
function. Can anyone tell me how to read that or decode it?
 
Guest

Here is an article that shows how Microsoft walks you through this
process.... it's long and awkward, especially if you want to do it for more
than a few accounts. I know that they have internal tools that will convert
the decimal number to hex, then convert it to date and time which you could
probably script. As for externally available tools, a Google search turned
up a JoeWare tool that looks like it will convert the pwdLastSet attribute,
but I haven't verified it.

http://www.joeware.net/win/free/tools/adfind.htm

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington



"dude" <dude@aol.com> wrote in message
news:u2GG2JvhFHA.2424@TK2MSFTNGP09.phx.gbl...
> We've got SOX compliant activities going on recently and I have exported
> the pwdLastSet attribute to find out when password was last set for all
> the
> users. However, I get a mysterious code like so: 127656464687151954
>
> using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
> can't pull up every single user's property to do that, hence the export
> function. Can anyone tell me how to read that or decode it?
>
>
 
Guest

Yep it certainly will. I have confirmed it. ;o)

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Mike Shepperd wrote:
> Here is an article that shows how Microsoft walks you through this
> process.... it's long and awkward, especially if you want to do it for more
> than a few accounts. I know that they have internal tools that will convert
> the decimal number to hex, then convert it to date and time which you could
> probably script. As for externally available tools, a google search turned
> up a JoeWare tool that looks like it will convert the pwdLastSet attribute,
> but I haven't verified it.
>
> http://www.joeware.net/win/free/tools/adfind.htm
>
> --
> Mike Shepperd
> MCSE NT4, 2000, 2003
> NewFuture Consulting
> Seattle, Washington
>
>
>
> "dude" <dude@aol.com> wrote in message
> news:u2GG2JvhFHA.2424@TK2MSFTNGP09.phx.gbl...
>
>>We've got SOX compliant activities going on recently and I have exported
>>the pwdLastSet attribute to find out when password was last set for all
>>the
>>users. However, I get a mysterious code like so: 127656464687151954
>>
>>using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
>>can't pull up every single user's property to do that, hence the export
>>function. Can anyone tell me how to read that or decode it?
>>
>>
>
>
>
 
Guest

On Tue, 12 Jul 2005 10:00:34 -0500, "dude" <dude@aol.com> wrote:

> We've got SOX compliant activities going on recently and I have exported
>the pwdLastSet attribute to find out when password was last set for all the
>users. However, I get a mysterious code like so: 127656464687151954
>
>using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
>can't pull up every single user's property to do that, hence the export
>function. Can anyone tell me how to read that or decode it?
>

You can use the technique from tip 8079 » How can I convert a long integer FILETIME, like Active Directory attributes lastLogon and pwdLastSet, to a date and time?
in the 'Tips & Tricks' at http://www.jsifaq.com

w32tm /ntte 127656464687151954
147750 12:54:28.7151954 - 07/12/2005 08:54:28 (local time)
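
The same decode that w32tm /ntte performs above, applied to a whole export at once, as an added example that is not part of the original posts: pwdLastSet is a FILETIME, a count of 100-nanosecond intervals since 1601-01-01 UTC. The CSV layout, the account names, the 90-day limit and the audit time are constructed assumptions; only the value 127656464687151954 comes from the thread.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample export (assumed CSV layout); only the first value is from the thread.
SAMPLE_EXPORT = """sAMAccountName,pwdLastSet
jdoe,127656464687151954
svc_backup,127340000000000000
newhire,0
"""

def filetime_to_utc(value):
    """Decode a FILETIME: 100-nanosecond ticks since 1601-01-01 00:00 UTC."""
    ticks = int(value)
    if ticks <= 0:
        return None  # 0 = no password timestamp (e.g. must change at next logon)
    try:
        # datetime keeps microseconds, so the final 100-ns digit is dropped.
        return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:
        return None  # sentinel values that fall beyond year 9999

def password_age_report(export_text, as_of, max_age_days):
    """Return (account, last_set_utc, age_days, status) for every exported row."""
    report = []
    for row in csv.DictReader(io.StringIO(export_text)):
        last_set = filetime_to_utc(row["pwdLastSet"])
        if last_set is None:
            report.append((row["sAMAccountName"], None, None, "NOT_SET"))
            continue
        age_days = (as_of - last_set).days
        status = "STALE" if age_days > max_age_days else "OK"
        report.append((row["sAMAccountName"], last_set, age_days, status))
    return report

if __name__ == "__main__":
    as_of = datetime(2005, 7, 12, 15, 0, tzinfo=timezone.utc)  # assumed audit time
    for account, last_set, age, status in password_age_report(SAMPLE_EXPORT, as_of, 90):
        stamp = last_set.isoformat() if last_set else "-"
        print(f"{account:12} {stamp:34} {age!s:>5} {status}")
```

The decoded value is in UTC (12:54:28 for the thread's number); any local-time rendering of it depends on the time zone of the machine doing the conversion.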
 
Guest

"" wrote:
> We've got SOX compliant activities going on recently and I
> have exported
> the pwdLastSet attribute to find out when password was last
> set for all the
> users. However, I get a mysterious code like so:
> 127656464687151954
>
> using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but
> i certainly
> can't pull up every single user's property to do that, hence
> the export
> function. Can anyone tell me how to read that or decode it?

Use OLDCMP (also from joeware) with the users option

http://www.joeware.net/win/free/tools/oldcmp.htm
