Overview #
MsDS-UserPasswordExpiryTimeComputed Virtual Attribute Attribute indicates the time in LargeInteger Date format when the password of the entry will expire. [1]MsDS-UserPasswordExpiryTimeComputed performs the AD Determining Password Expiration calculations.
In Microsoft Active Directory Virtual Attribute can be returned as value data in an LDAP SearchRequest.
The msDS-UserPasswordExpiryTimeComputed attribute exists on AD DS but not on AD LDS.
If USER is the Entry on which the attribute msDS-UserPasswordExpiryTimeComputed is read.
If USER is not in a domain NC, then USER:msDS-UserPasswordExpiryTimeComputed = null.
If DC is the root of the domain NC containing USER. The DC applies the following rules, in the order specified below, to determine the value of USER:msDS-UserPasswordExpiryTimeComputed: If any of the following are set bits is set on USER entry:User-Account-Control Attribute:
- ADS_UF_SMARTCARD_REQUIRED
- ADS_UF_DONT_EXPIRE_PASSWORD
- ADS_UF_WORKSTATION_TRUST_ACCOUNT
- ADS_UF_SERVER_TRUST_ACCOUNT
- ADS_UF_INTERDOMAIN_TRUST_ACCOUNT
If pwdLastSet = null or pwdLastSet = 0, #
then USER:msDS-UserPasswordExpiryTimeComputed = 0.if Effective-MaximumPasswordAge = 0x8000000000000000 #
then USER:msDS-UserPasswordExpiryTimeComputed = 0x7FFFFFFFFFFFFFFF (where Effective-MaximumPasswordAge is defined in MS-SAMR section 3.1.1.5).Otherwise #
- msDS-UserPasswordExpiryTimeComputed = USER:pwdLastSet + Effective-MaximumPasswordAge (where Effective-MaximumPasswordAge is defined in MS-SAMR section 3.1.1.5).
More Information #
There might be more information for this subject on one of the following:- [#1] - MSDN-msDS-UserPasswordExpiryTimeComputed
- based on information observed on 2014-08-11
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!