Convert Active Directory "LastLogon:" time to (UNIX) readable time

Microsoft Active Directory stored dates in a specific format, quoted from a Microsoft support page:

The Active Directory stores date/time values as the number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601 till the date/time that is being stored.
The time is always stored in Greenwich Mean Time (GMT) in the Active Directory.
Some examples of Active Directory attributes that store date/time values are LastLogon, LastLogonTimestamp and LastPwdSet.
In order to obtain the date/time value stored in these attributes into a standard format, some conversion is required. This article describes how this conversion can be done.

UNIX/Linux stores time in seconds since 01-01-1970. To convert the Microsoft Active Directory timestamp, use this formula, as written in Bourne Again Shell:

echo $((($WindowsTimeStamp/10000000)-11676009600))

When searching the internet, you will find many formulas that use the number 11644473600. This is the number of seconds since 31-12-1601, which is used to calculate the "accountExpires" value. The values "lastLogon" and "lastLogonTimeStamp" however use 01-01-1601 as the date to calculate this value.

Be aware, "LastLogon" and "LastLogonTimeStamp" are only synchronized once each 14 days! To find the most recent value, you'd have to query each Domain Controller in the network.

To convert a UNIX timestamp to human readable time, use this Bourne Again Shell command:

date -d "1970-01-01 $UNIXTimeStamp sec GMT"

About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning robert@meinit.nl