Overview #
There are several time conversions that are required for DirXML and Microsoft Active Directory.Here is an example of what we typically use as an Example.
ITP #
OTP #
Below we show one DirXML Example to Converting AD Times. Most other time EDirectory GeneralizedTime attributes can be changed using a similar manner.Convert Login Expiration Time to accountExpires.
<rule> <description>Convert Login Expiration Time to accountExpires</description> <comment xml:space="preserve">Login Expiration Time needs formatted for AD.</comment> <comment name="author" xml:space="preserve">jim@willeke.com</comment> <comment name="version" xml:space="preserve">4</comment> <comment name="lastchanged" xml:space="preserve">2014-08-07</comment> <conditions> <or> <if-op-attr name="accountExpires" op="changing"/> </or> </conditions> <actions> <do-if> <arg-conditions> <or> <if-op-attr mode="case" name="accountExpires" op="equal">9223372036854775807</if-op-attr> <if-op-attr mode="case" name="accountExpires" op="equal">0</if-op-attr> </or> </arg-conditions> <arg-actions> <do-strip-op-attr name="accountExpires"/> <do-set-dest-attr-value name="accountExpires"> <arg-value type="string"> <token-text xml:space="preserve">0</token-text> </arg-value> </do-set-dest-attr-value> </arg-actions> <arg-actions> <do-if> <arg-conditions> <and> <if-op-attr name="accountExpires" op="available"/> </and> </arg-conditions> <arg-actions> <do-set-local-variable name="lv-account-expires" scope="policy"> <arg-string> <token-op-attr name="accountExpires"/> </arg-string> </do-set-local-variable> <do-strip-op-attr name="accountExpires"/> <do-set-dest-attr-value name="accountExpires"> <arg-value type="string"> <token-convert-time dest-format="!FILETIME" dest-tz="UTC" src-format="!CTIME" src-tz="UTC"> <token-local-variable name="lv-account-expires"/> </token-convert-time> </arg-value> </do-set-dest-attr-value> </arg-actions> <arg-actions/> </do-if> </arg-actions> </do-if> </actions> </rule>
