How do you read the pwdLastSet LDAP attribute???

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We've got SOX compliant activities going on recently and I have exported
the pwdLastSet attribute to find out when password was last set for all the
users. However, I get a mysterious code like so: 127656464687151954

using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
can't pull up every single user's property to do that, hence the export
function. Can anyone tell me how to read that or decode it?
4 answers Last reply
More about read pwdlastset ldap attribute
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Here is an article that shows how Microsoft walks you through this
    process.... it's long and awkward, especially if you want to do it for more
    than a few accounts. I know that they have internal tools that will convert
    the decimal number to hex, then convert it to date and time which you could
    probably script. As for externally available tools, a google search turned
    up a JoeWare tool that looks like it will convert the pwdLastSet attribute,
    but I haven't verified it.

    http://www.joeware.net/win/free/tools/adfind.htm

    --
    Mike Shepperd
    MCSE NT4, 2000, 2003
    NewFuture Consulting
    Seattle, Washington


    "dude" <dude@aol.com> wrote in message
    news:u2GG2JvhFHA.2424@TK2MSFTNGP09.phx.gbl...
    > We've got SOX compliant activities going on recently and I have exported
    > the pwdLastSet attribute to find out when password was last set for all
    > the
    > users. However, I get a mysterious code like so: 127656464687151954
    >
    > using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
    > can't pull up every single user's property to do that, hence the export
    > function. Can anyone tell me how to read that or decode it?
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Yep it certainly will. I have confirmed it. ;o)

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Mike Shepperd wrote:
    > Here is an article that shows how Microsoft walks you through this
    > process.... it's long and awkward, especially if you want to do it for more
    > than a few accounts. I know that they have internal tools that will convert
    > the decimal number to hex, then convert it to date and time which you could
    > probably script. As for externally available tools, a google search turned
    > up a JoeWare tool that looks like it will convert the pwdLastSet attribute,
    > but I haven't verified it.
    >
    > http://www.joeware.net/win/free/tools/adfind.htm
    >
    > --
    > Mike Shepperd
    > MCSE NT4, 2000, 2003
    > NewFuture Consulting
    > Seattle, Washington
    >
    >
    >
    > "dude" <dude@aol.com> wrote in message
    > news:u2GG2JvhFHA.2424@TK2MSFTNGP09.phx.gbl...
    >
    >>We've got SOX compliant activities going on recently and I have exported
    >>the pwdLastSet attribute to find out when password was last set for all
    >>the
    >>users. However, I get a mysterious code like so: 127656464687151954
    >>
    >>using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
    >>can't pull up every single user's property to do that, hence the export
    >>function. Can anyone tell me how to read that or decode it?
    >>
    >>
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    On Tue, 12 Jul 2005 10:00:34 -0500, "dude" <dude@aol.com> wrote:

    > We've got SOX compliant activities going on recently and I have exported
    >the pwdLastSet attribute to find out when password was last set for all the
    >users. However, I get a mysterious code like so: 127656464687151954
    >
    >using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but i certainly
    >can't pull up every single user's property to do that, hence the export
    >function. Can anyone tell me how to read that or decode it?
    >

    You can use the technique from tip 8079 » How can I convert a long integer FILETIME, like Active Directory attributes lastLogon and pwdLastSet, to a date and time?
    in the 'Tips & Tricks' at http://www.jsifaq.com

    w32tm /ntte 127656464687151954
    147750 12:54:28.7151954 - 07/12/2005 08:54:28 (local time)
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "" wrote:
    > We've got SOX compliant activities going on recently and I
    > have exported
    > the pwdLastSet attribute to find out when password was last
    > set for all the
    > users. However, I get a mysterious code like so:
    > 127656464687151954
    >
    > using an AD tool, i can tell that's 7/12/2005 7:54:28 AM, but
    > i certainly
    > can't pull up every single user's property to do that, hence
    > the export
    > function. Can anyone tell me how to read that or decode it?

    use OLDCMP (also from joeware) with the users option

    http://www.joeware.net/win/free/tools/oldcmp.htm

    --
    Posted using the http://www.windowsforumz.com interface, at author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.windowsforumz.com/Active-Directory-read-pwdLastSet-LDAP-attribute-ftopict394909.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1307098
Ask a new question

Read More

Active Directory Microsoft LDAP Windows