That number is always stored as a negative number that's in 100-nanosecond intervals. To convert to days, you take the absolutely value of that negative number, multiply by 0.0000001, then divide by 86400 (number of seconds in a day).
It took me a long time to figure that out, so I figured I'd pass it along here, in case anyone wants to be brave and venture forth with that task. =) Rob Smith, Matt wrote: > My recollection from a bunch of Perl/LDAP I wrote against AD a lifetime > ago is that getting this from LDAP is painful. First, "Password > Expiration" is not stored with each user object. Instead, you must > access the "Password last changed" attribute, then adjust this by your > domain's password expiration policy. > > To make life more fun, the "Password Last Changed" value is not an > ordinary timestamp, but rather is encoded using the "LargeInteger" > syntax (search for "FileTime"), which is an 8-byte string representing > the number of 100-nanosecond increments from 1/1/1601. Thankfully, this > means I can expire the passwords of the early European settlers of > America. > > It can be done, but it ain't fun. > HTH, > -Matt > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Velpi > Sent: Wednesday, July 25, 2007 4:59 PM > To: Yale CAS mailing list > Subject: Re: CAS and Active Directory Password Expiration > >> I'm not familiar with AD's password expiration settings. What's >> supposed to happen if the password is expired? > > I'm not entirely sure, but I always thought it was just another > attribute that can be checked from the LDAP interface. (If that is > true,) it fits perfectly in this topic: > http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration > > -- Velpi > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > !DSPAM:46a7e198301371115719166! > > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
