?
Solved

AD Permitted Logon Times and .NET

Posted on 2012-04-11
5
Medium Priority
?
820 Views
Last Modified: 2012-06-27
good day.

i need some help with AD and the permitted logon times within c# (4.0).  I am able to retrieve the permittedLogonTimes for a specific user.  I have the following set up within AD:

Not Permitted:  04:00 - 05:00, 05-06, 06-07, 07-08, 11-12, 12-13, and 13:00 - 14:00.

I have the following values from the byte array (Day of Week = Wednesday).

byte[10] = 225 ( 11100001 )
byte[11] = 248 ( 11111000 )
byte[12] = 255 ( 11111111 )

Evaluating the binary values and applying them to the appropriate time slots, i am consistently three (3) hours off.  

byte[10] 11100001 indicates no access from 01:00 - 02:00, 02:00 - 03:00, 03:00 - 04:00, and 04:00 - 05:00 - each is three hours off.

I am in the EST time zone (with daylight savings time) - GMT is currently -4.

can anyone help me figure out why the three hour difference?  any help would be appreciated.


thanks.
0
Comment
Question by:freezingHot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 37838015
While you note you're in the Eastern Time Zone, is it possible your DC (or the client machine) is set to be on Pacific Time?

This guy (http://anlai.wordpress.com/2010/09/07/active-directory-permitted-logon-times-with-c-net-3-5-using-system-directoryservices-accountmanagement/) also notes his mask is GMT-8 (PST), but I'm not sure if that's coincidence or what.  He did develop a tool to do the coversion however: http://gist.github.com/568549.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37838925
our DC is set for EST.

I went through that article, as that is what got me started, but the code he supplies doesn't do exactly what i need it to do.

i can do some sort of "offset" for the three hours; however, I don't feel great about doing that as I don't understand why it is off three hours.  further, i don't know if that would be consistent and when DST is over - will it be four (4) hours off or two (2) hours off.

not a whole lot on the web regarding this topic.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37838983
No there isn't.  Since the guy in the article saw the same offset, I wonder if the .NET Framework returns Pacific Time for some reason.  You'd think it would return local (or GMT), but...

Testing DST would be as easy as setting the date to December and running the code thereafter.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37839203
according to another article that I found, it is stored as UTC.  just begs the question as to why i am only three hours behind and not four.

i checked the time zones settings on our AD and it is correct (if it wasn't we would have other problems).

thanks for the feedback, though.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37840995
i found a really nice powershell script file to retrieve and parse the logon time, if anyone is interested.

http://www.rlmueller.net/PowerShell/PSLogonHours.txt

he has other powershell scripts files for AD.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month11 days, 14 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question