Convert LDAP AccountExpires to DateTime in C#

I want to convert 18 digit string from LDAP AccountExpires to Normal Date Time Format.

129508380000000000 >> May 26 2011

I got the above conversion from using the following link.

http://www.chrisnowell.com/information_security_tools/date_开发者_如何学Cconverter/Windows_active_directory_date_converter.asp?pwdLastSet,%20accountExpires,%20lastLogonTimestamp,%20lastLogon,%20and%20badPasswordTime

I tried to convert by using DateTime.Parse or Convert.ToDateTime. But no success.

Anyone know how to convert it? Thanks very much.

Edited answer

It's the number of ticks since Jan-01-1601 in UTC, according to Reference, which describes the significance of the year 1601. Good background reading.

var accountExpires = 129508380000000000;
var dt = new DateTime(1601, 01, 01, 0, 0, 0, DateTimeKind.Utc).AddTicks(accountExpires);

Original Accepted Answer

It's the number of ticks since Jan-02-1601.

DateTime dt = new DateTime(1601, 01, 02).AddTicks(129508380000000000);

You can use the FromFileTime method on the DateTime class, but watch out, when this field is set to not expire, it comes back as the Int64.MaxValue and doesn't work with either of these methods.

Int64 accountExpires = 129508380000000000;

DateTime expireDate = DateTime.MaxValue;

if (!accountExpires.Equals(Int64.MaxValue))
    expireDate = DateTime.FromFileTime(accountExpires);

Some info for anyone who came here looking to set the AccountExpires value.

To clear the expiry is nice and easy:

entry.Properties["accountExpires"].Value = 0;

However if you try to directly write back an int64 / long:

entry.Properties["accountExpires"].Value = dt.ToFileTime();

You can get a 'COMException was unhandled - Unspecified error'

Instead write back the value as a string data type:

entry.Properties["accountExpires"].Value = dt.ToFileTime().ToString();

Be aware of the time of day you are setting, for consistancy with ADUC the time should be 00:00.

Instead of .Now or .UtcNow you can use .Today:

var dt1 = DateTime.Today.AddDays(90);
entry.Properties["accountExpires"].Value = dt1.ToFileTime().ToString();

Other input like dateTimePicker you can replace the time, Kind as Local for the Domain Controller:

var dt1 = dateTimePicker1.Value;
var dt2 = new DateTime(dt1.Year, dt1.Month, dt1.Day, 0, 0, 0, DateTimeKind.Local);
entry.Properties["accountExpires"].Value = dt2.ToFileTime().ToString();

If you View Source on the link you posted you should see a Javascript conversion algorithm that should translate quite nicely to c#

For Ruby

def ldapTimeConverter(ldap_time)
  Time.at((ldap_time/10000000)-11644473600)
end

I stumbled across this working on a PowerShell script. I found I can query the accountexpirationdate property and no conversion is required.

Someone had the "best" way above but when it's set to never expired, the value is zero.

public static DateTime GetAccountExpiresDate(DirectoryEntry de)
{
    long expires = de.properties["accountExpires"].Value;
    if (expires == 0)   // doesn't expire
        return DateTime.MaxValue;

    return DateTime.FromFileTime(expires);
}

I'll provide a perfect answer to this question using which you will be able to convert and DateTime to active directory long int format and will be also able to do the vice versa of it.

Here is a solution to it:-

To get DateTime from AD

string tickstring = de.Properties["accountExpires"][0].ToString();
long Ticks = (long) tickstring;

DateTime ReferenceDate = new DateTime(1601, 1, 1, 0, 0, 0, DateTimeKind.Utc);
long ExpireDateTicks = Ticks + ReferenceDate.Ticks;
DateTime ExpireDate = new DateTime(ExpireDateTicks);

To convert DateTime to AD long integer format

DateTime ReferenceDate = new DateTime(1601, 1, 1, 0, 0, 0, DateTimeKind.Utc);
DateTime ExpireDate = new DateTime(Request.EndDate.Year, Request.EndDate.Month, Request.EndDate.Day, 0, 0, 0);

long Ticks = ExpireDate.Ticks - ReferenceDate.Ticks;
NewUser.accountExpires = Ticks.ToString();