Solved

AD Permitted Logon Times and .NET

Posted on 2012-04-11
5
758 Views
Last Modified: 2012-06-27
good day.

i need some help with AD and the permitted logon times within c# (4.0).  I am able to retrieve the permittedLogonTimes for a specific user.  I have the following set up within AD:

Not Permitted:  04:00 - 05:00, 05-06, 06-07, 07-08, 11-12, 12-13, and 13:00 - 14:00.

I have the following values from the byte array (Day of Week = Wednesday).

byte[10] = 225 ( 11100001 )
byte[11] = 248 ( 11111000 )
byte[12] = 255 ( 11111111 )

Evaluating the binary values and applying them to the appropriate time slots, i am consistently three (3) hours off.  

byte[10] 11100001 indicates no access from 01:00 - 02:00, 02:00 - 03:00, 03:00 - 04:00, and 04:00 - 05:00 - each is three hours off.

I am in the EST time zone (with daylight savings time) - GMT is currently -4.

can anyone help me figure out why the three hour difference?  any help would be appreciated.


thanks.
0
Comment
Question by:freezingHot
  • 3
  • 2
5 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 37838015
While you note you're in the Eastern Time Zone, is it possible your DC (or the client machine) is set to be on Pacific Time?

This guy (http://anlai.wordpress.com/2010/09/07/active-directory-permitted-logon-times-with-c-net-3-5-using-system-directoryservices-accountmanagement/) also notes his mask is GMT-8 (PST), but I'm not sure if that's coincidence or what.  He did develop a tool to do the coversion however: http://gist.github.com/568549.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37838925
our DC is set for EST.

I went through that article, as that is what got me started, but the code he supplies doesn't do exactly what i need it to do.

i can do some sort of "offset" for the three hours; however, I don't feel great about doing that as I don't understand why it is off three hours.  further, i don't know if that would be consistent and when DST is over - will it be four (4) hours off or two (2) hours off.

not a whole lot on the web regarding this topic.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37838983
No there isn't.  Since the guy in the article saw the same offset, I wonder if the .NET Framework returns Pacific Time for some reason.  You'd think it would return local (or GMT), but...

Testing DST would be as easy as setting the date to December and running the code thereafter.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37839203
according to another article that I found, it is stored as UTC.  just begs the question as to why i am only three hours behind and not four.

i checked the time zones settings on our AD and it is correct (if it wasn't we would have other problems).

thanks for the feedback, though.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37840995
i found a really nice powershell script file to retrieve and parse the logon time, if anyone is interested.

http://www.rlmueller.net/PowerShell/PSLogonHours.txt

he has other powershell scripts files for AD.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that undeā€¦
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā€¦
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now