Convert pwdLastSet to a human readable date

Here it is a simple (and a bit hacky, I know) one-liner for bash shell (even under Windows if you are using Cygwin) to convert the cryptic pwdLastSet timestamp of Active Directory (which represent when a user has changed the last time his/her AD password)


D=128457325992343750; date -d "01/01/1601 UTC $(let D=D/10000000; echo $D) seconds"

where the very large number after the first D= it’s your pwdLastSet value. This strange timestamp it’s a 1/100 of a nanosecond (so, it’s 1/10^7 seconds) and the ticks are counted from January 1st, 1601. Don’t ask me why, probably they didn’t like the Epoch time :)

Windows 2003 DHCP/DNS server and non-Windows clients

Usually, in a 100% Microsoft environment, DHCP that automagically updates the DNS entries for every new DHCP client in the network is not a problem, since every client is part of the Active Directory and every machine as by default the rights to “talk” to the DNS server and tell it which is the client’s new IP address and hostname.

But if you have other clients in your network (for example Linux, FreeBSD, embedded devices like JetPrint etc) that need DHCP and you want automatic DNS update, this will not work because they don’t have the rights to write in the DNS records list.

To solve this problem, the update has top be done by the DHCP server itself, and to do the trick you have

  • Go to an AD user management snap-in
  • Create a new user called, for example, dhcp2dns and make it member of the DnsUpdateProxy group
  • Give a password to the dhcp2dns user
  • Go to the DHCP snap-in, and select the server you want to configure
  • Right click on the server name /address, and select properties
  • Here, select the DNS tab
  • Tick the Enable DNS dynamic updates checkbox
  • Select Always dynamically update DNS A and PTR records
  • Now, select the “Advanced” tab and click the “Credentials” button
  • Here, put the credentials of the dhcp2dns user you have created in the first steps

and you are done, it should work or, at least, it did work for me :)