---
tags:
- "\U0001F6A9purpose/ℹ️documentation"
- ⭐topic/⌗shell/powershell
- "⭐topic/\U0001F4BEsoftware/windows/server/active-directory"
---
# Timestamps in Active Directory properties   
   
Many AD properties that contain timestamps are in the [`FILETIME`](https://learn.microsoft.com/en-us/windows/desktop/api/minwinbase/ns-minwinbase-filetime) format, **not** Unix time (seconds since epoch) or etc. Convert with:   
```powershell
PS H:\> $x = (Get-Date).ToFileTime() # instance public method
PS H:\> $x
133184427001875115
PS H:\> [DateTime]::FromFileTime($x) # class static function
17 January, 2023 09:25:00
```
   
[https://learn.microsoft.com/en-us/dotnet/api/system.datetime.tofiletime](https://learn.microsoft.com/en-us/dotnet/api/system.datetime.tofiletime)   
[https://learn.microsoft.com/en-us/dotnet/api/system.datetime.fromfiletime](https://learn.microsoft.com/en-us/dotnet/api/system.datetime.fromfiletime)   
   
PowerShell `ADUser` objects have the `LastLogonDate` property, which is LDAP [`lastLogonTimestamp`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-lastlogontimestamp) converted to a local [`DateTime`](https://learn.microsoft.com/en-us/dotnet/api/system.datetime). `lastLogonTimestamp` (and as such `LastLogonDate`) are only updated when the previous authentication request occurred longer ago than the value for the attribute [`msDS-LogonTimeSyncInterval`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-msDS-LogonTimeSyncInterval) (default 14 days). LDAP [`lastLogon`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-lastlogon) is updated immediately but only on the domain controller used to log in with—it is not replicated.   
   
Similar to the above [`badPasswordTime`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-badpasswordtime) has the converted value `LastBadPasswordAttempt` and [`badPwdCount`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-badpwdcount) has `BadLogonCount`. Neither are replicated.   
   
[`pwdLastSet`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-pwdlastset) has `PasswordLastSet`. It is replicated. A value of `0` and with [`userAccountControl`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol) not containing flag [`UF_DONT_EXPIRE_PASSWORD`](https://learn.microsoft.com/en-us/windows/win32/api/iads/ne-iads-ads_user_flag_enum) means the password is expired and must be set at next logon.   
   
# See also   
[https://ldapwiki.com/wiki/Lockouttime](https://ldapwiki.com/wiki/Lockouttime)   
[https://stackoverflow.com/q/13091719#comment92927258_13091821](https://stackoverflow.com/q/13091719#comment92927258_13091821)   
[https://serverfault.com/a/959783](https://serverfault.com/a/959783)