PowerShell by Patrik

Converting msDS-UserPasswordExpiryTimeComputed to DateTime

The msDS-UserPasswordExpiryTimeComputed attribute in Active Directory stores the user’s password expiration time as a large integer in Windows FileTime format. This format counts 100-nanosecond intervals from January 1, 1601 (UTC). To get a readable date and time, you must convert this number to a standard datetime format using the appropriate method for your platform.

How to Convert:

  • Use built-in functions like FromFileTimeUtc in PowerShell or .NET.
  • In Python, add the FileTime interval (converted to microseconds) to the epoch starting at 1601-01-01.

Example in PowerShell:

[DateTime]::FromFileTimeUtc($filetimeValue)

Handling the Special “Magic” Number:
If the value equals 9223372036854775807 (the maximum 64-bit integer), it is a special indicator that the password never expires. This number is not a real timestamp and should not be converted to a date. Instead, treat it as a flag meaning “no expiration.”

Summary:

  • Convert valid FileTime values to datetime for expiry information.
  • Recognize 9223372036854775807 as a sentinel meaning “password never expires.” Avoid converting this sentinel to a datetime.
ActiveDirectory
Password
DateTime
Add to Set
Add to Set
Share
Share on Twitter Share on Facebook Share on LinkedIn Share on Reddit Share on WhatsApp Send via Email Copy Link to Clipboard
Referenced in:

Comments

Copyright © Snippset 2022. All Rights Reserved.