Powershell: Using the whenCreated attribute in LDAP Filters

By | September 12, 2012

It is sometimes helpful to be able to search for objects in AD by their creation date.  The whenCreated attribute is useful for this as it is a replicated attribute (i.e. is consistent across all DCs).  The challenge for using whenCreated in LDAP filters is the syntax.  The attribute uses the GeneralizedTime syntax to represent the date and time (see X.680 for more details regarding the syntax).  I haven’t found an standard method within Powershell to obtain GenerlizedTime format, so it involves some custom formatting. 

Here’s an example of using whenCreated in a LDAP filter to find all user objects created in the past 90 days. 

$wcdate = "{0:yyyMMddHHmmss}.Z" -f (Get-Date).adddays(-90) 

Get-ADUser -LDAPFilter "(whencreated>=$wcdate)" -pr * | fl samaccountname, whencreated

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.