Overview #

The MsDS-UserPasswordExpiryTimeComputed Virtual Attribute indicates the time, in LargeInteger Date format, when the password of the entry will expire. [1]

MsDS-UserPasswordExpiryTimeComputed performs the AD Determining Password Expiration calculations.

In Microsoft Active Directory, a Virtual Attribute can be returned as value data in an LDAP SearchRequest.

The msDS-UserPasswordExpiryTimeComputed attribute exists on AD DS but not on AD LDS.

Let USER be the Entry on which the attribute msDS-UserPasswordExpiryTimeComputed is read.

If USER is not in a domain NC, then USER:msDS-UserPasswordExpiryTimeComputed = null.

Let DC be the root of the domain NC containing USER. The DC applies the following rules, in the order specified below, to determine the value of USER:msDS-UserPasswordExpiryTimeComputed:

If any of the following bits is set on the USER entry's User-Account-Control Attribute:

then USER:msDS-UserPasswordExpiryTimeComputed = 0x7FFFFFFFFFFFFFFF.

If pwdLastSet = null or pwdLastSet = 0, #

then USER:msDS-UserPasswordExpiryTimeComputed = 0.

If Effective-MaximumPasswordAge = 0x8000000000000000 #

then USER:msDS-UserPasswordExpiryTimeComputed = 0x7FFFFFFFFFFFFFFF (where Effective-MaximumPasswordAge is defined in MS-SAMR section

Otherwise #

  • msDS-UserPasswordExpiryTimeComputed = USER:pwdLastSet + Effective-MaximumPasswordAge (where Effective-MaximumPasswordAge is defined in MS-SAMR section
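The rule order above, carried through as an added example (not code from this page or from Microsoft) that an auditor could use to reproduce or sanity-check the value returned by a DC. Assumptions: the exempt User-Account-Control bits are taken from MS-ADTS because the list is missing from this page, the maximum age is stored as a negative 100-ns interval whose magnitude is added, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

INT64_MAX = 0x7FFFFFFFFFFFFFFF      # "never expires" result used by the rules
INT64_MIN = -0x8000000000000000     # 0x8000000000000000 read as a signed 64-bit value
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Assumption: exempt bits as listed in MS-ADTS (the page omits the list).
UF_EXEMPT = (0x00010000     # ADS_UF_DONT_EXPIRE_PASSWD
             | 0x00040000   # ADS_UF_SMARTCARD_REQUIRED
             | 0x00000800   # ADS_UF_INTERDOMAIN_TRUST_ACCOUNT
             | 0x00001000   # ADS_UF_WORKSTATION_TRUST_ACCOUNT
             | 0x00002000)  # ADS_UF_SERVER_TRUST_ACCOUNT

def expiry_time_computed(uac, pwd_last_set, effective_max_age, in_domain_nc=True):
    """Apply the rules in the stated order; returns 100-ns ticks or None."""
    if not in_domain_nc:
        return None
    if uac & UF_EXEMPT:
        return INT64_MAX
    if pwd_last_set is None or pwd_last_set == 0:
        return 0
    if effective_max_age == INT64_MIN:
        return INT64_MAX
    # Assumption: the age is a negative interval, so add its magnitude.
    return pwd_last_set + abs(effective_max_age)

def classify(value, now):
    """Turn a computed value into a label for an audit report."""
    if value is None:
        return "not-applicable"
    if value == INT64_MAX:
        return "never-expires"
    if value == 0:
        return "must-change"
    expires = FILETIME_EPOCH + timedelta(microseconds=value // 10)
    return "expired" if expires <= now else "valid-until " + expires.isoformat()

if __name__ == "__main__":
    # Constructed sample: password set 2024-01-01 UTC, 42-day maximum age.
    pls = (datetime(2024, 1, 1, tzinfo=timezone.utc) - FILETIME_EPOCH) \
        // timedelta(microseconds=1) * 10
    now = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for uac in (0x200, 0x200 | 0x10000):
        value = expiry_time_computed(uac, pls, -42 * 864_000_000_000)
        print(hex(uac), classify(value, now))
```

Accounts that classify as never-expires because of the first rule are the ones a password-age review usually wants listed separately, since no domain or fine-grained policy change will ever expire them.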

More Information #

