Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
This post explains how we can use ADSI and FromFileTime to convert datetime attributes in Active Directory to a human-readable date and time.
You’ll notice when you return attributes such as lastlogon, lastlogontimestamp and lastpwdset that the format of the results is something like: 132586443741396519
What the heck does that mean?? Well it’s known as the ‘Windows NT time format’ and represents the Universal Time Coordinated (UTC) of the number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601.
In this post we search for all enabled users in AD and print out their lastlogontimestamp value, in the format dd/MM/yyyy.
$objSearcher=[adsisearcher]'(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))'
$objSearcher.PageSize = 200
$colProplist = "samaccountname","lastlogontimestamp"
foreach ($i in $colPropList) { $objSearcher.PropertiesToLoad.Add($i) | out-null }
$colResults = $objSearcher.FindAll()
$count = 0
foreach ($objResult in $colResults)
{
$username = ($objResult.Properties).samaccountname
$tdt = [int64]($objResult.Properties).lastlogontimestamp[0].ToString()
$dt = [datetime]::FromFileTime($tdt).ToString('dd/MM/yyyy')
write-host $dt
}