Active Directory date/timestamp fields are not accurate, why?

I have the following code that returns a specific property for a given user in Active Directory.  However, whenever I try to convert the lastLogonTimestamp dates and various other dates they don't seem to be accurate.  They are close, usually just off by a few hours or minutes.  Here is the function I'm using to return any given user's property (ie: cn, displayName, telephoneNumber, etc.)

Also to convert the 100-nanosecond interval long integer fields (ie: lastLogonTimestamp) I use the following code:
Date.FromFileTime(getUIDProperty(userID, "lastLogonTimestamp").ToString).ToString()

It still comes out wrong by only a few hours or even minutes.  Any help is appreciate, TIA!

    Function getUIDProperty(ByVal uid As String, ByVal uid_parameter As String) As String
            Dim sPath As String = "LDAP://<connection>"
            Dim myDirectory As New DirectoryEntry(sPath, "<username>", "<pw>", DirectoryServices.AuthenticationTypes.Secure) 'pass the user account and password for your Enterprise admin.
            Dim mySearcher As New DirectorySearcher(myDirectory)
            Dim mySearchResultColl As SearchResultCollection
            Dim mySearchResult As SearchResult
            Dim myResultPropColl As ResultPropertyCollection
            Dim myResultPropValueColl As ResultPropertyValueCollection
            'Build LDAP query
            mySearcher.Filter = ("(&(objectClass=user)(samaccountname=" & uid & "))")
            mySearchResultColl = mySearcher.FindAll()
            'I expect only one user from search result
            Select Case mySearchResultColl.Count
                Case 0
                    Return "Null"
                    Exit Function
                Case Is > 1
                    Return "Null"
                    Exit Function
            End Select

            'Get the search result from the collection
            mySearchResult = mySearchResultColl.Item(0)

            'Get the Properites, they contain the usefull info
            myResultPropColl = mySearchResult.Properties

            'displayname, mail
            'Retrieve from the properties collection the display name and email of the user
            myResultPropValueColl = myResultPropColl.Item(uid_parameter)
            Return CStr(myResultPropValueColl.Item(0))

        Catch ex As System.Exception
            Return ""
        End Try
    End Function
Who is Participating?
Similarly, badPasswordTime attribute is stored in each DC. For an accurate value for the user's last incorrect password time in the domain, you must query each DC in domain; the largest one is the accurate value.

And I guess the same thing happens to pwdLastSet attribute. I'm not very sure, though.
Not very sure if you have done it correctly, since the "lastLogonTimestamp" attribute actually returns 64-bit integers value.

As what microsoft documentation suggests

this is the code in VB.NET
More importantly, event if there's nothing wrong with your code. You may not get the last updated last logon value from the attribute. It is said, lastLogonTimestamp's value is only updated when the user logs in if a week has passed since the last update. Just keep that in mind.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

RobinsRLAuthor Commented:
Ok, is "lastLogon" as inaccurate as lastLogonTimestamp?

There seems to be a discrepency with a bunch of these date fields (ie: badPasswordTime, pwdLastSet).  Any fix to this?
lastLogonTimestamp and lastLogon attribute has the same data type, but with some different working manners. lastLogonTimestamp attribute is replicated across DCs in domain but its value is updated after a week or more ago (If I'm not wrong this is configurable). With lastLogon attribute, you should always get the actual last logon. However, this attribute isn't replicated and you'd have to query every DC in the domain and keep track of the most recent one.
RobinsRLAuthor Commented:
How exactly are you supposed to convert that long integer into a useable and accurate date?  
Have you tried the link I posted above?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.