Zoho Banner September 2011

It is sometimes helpful to be able to search for objects in AD by their creation date.  The whenCreated attribute is useful for this as it is a replicated attribute (i.e. is consistent across all DCs).  The challenge for using whenCreated in LDAP filters is the syntax.  The attribute uses the GeneralizedTime syntax to represent the date and time (see X.680 for more details regarding the syntax).  I haven’t found an standard method within Powershell to obtain GenerlizedTime format, so it involves some custom formatting. 

Here’s an example of using whenCreated in a LDAP filter to find all user objects created in the past 90 days. 

$wcdate = "{0:yyyMMddHHmmss}.Z" -f (Get-Date).adddays(-90) 

Get-ADUser -LDAPFilter "(whencreated>=$wcdate)" -pr * | fl samaccountname, whencreated

Leave a Reply