Solved

AD Permitted Logon Times and .NET

Posted on 2012-04-11
5
788 Views
Last Modified: 2012-06-27
good day.

i need some help with AD and the permitted logon times within c# (4.0).  I am able to retrieve the permittedLogonTimes for a specific user.  I have the following set up within AD:

Not Permitted:  04:00 - 05:00, 05-06, 06-07, 07-08, 11-12, 12-13, and 13:00 - 14:00.

I have the following values from the byte array (Day of Week = Wednesday).

byte[10] = 225 ( 11100001 )
byte[11] = 248 ( 11111000 )
byte[12] = 255 ( 11111111 )

Evaluating the binary values and applying them to the appropriate time slots, i am consistently three (3) hours off.  

byte[10] 11100001 indicates no access from 01:00 - 02:00, 02:00 - 03:00, 03:00 - 04:00, and 04:00 - 05:00 - each is three hours off.

I am in the EST time zone (with daylight savings time) - GMT is currently -4.

can anyone help me figure out why the three hour difference?  any help would be appreciated.


thanks.
0
Comment
Question by:freezingHot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 500 total points
ID: 37838015
While you note you're in the Eastern Time Zone, is it possible your DC (or the client machine) is set to be on Pacific Time?

This guy (http://anlai.wordpress.com/2010/09/07/active-directory-permitted-logon-times-with-c-net-3-5-using-system-directoryservices-accountmanagement/) also notes his mask is GMT-8 (PST), but I'm not sure if that's coincidence or what.  He did develop a tool to do the coversion however: http://gist.github.com/568549.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37838925
our DC is set for EST.

I went through that article, as that is what got me started, but the code he supplies doesn't do exactly what i need it to do.

i can do some sort of "offset" for the three hours; however, I don't feel great about doing that as I don't understand why it is off three hours.  further, i don't know if that would be consistent and when DST is over - will it be four (4) hours off or two (2) hours off.

not a whole lot on the web regarding this topic.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 37838983
No there isn't.  Since the guy in the article saw the same offset, I wonder if the .NET Framework returns Pacific Time for some reason.  You'd think it would return local (or GMT), but...

Testing DST would be as easy as setting the date to December and running the code thereafter.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37839203
according to another article that I found, it is stored as UTC.  just begs the question as to why i am only three hours behind and not four.

i checked the time zones settings on our AD and it is correct (if it wasn't we would have other problems).

thanks for the feedback, though.
0
 
LVL 1

Author Comment

by:freezingHot
ID: 37840995
i found a really nice powershell script file to retrieve and parse the logon time, if anyone is interested.

http://www.rlmueller.net/PowerShell/PSLogonHours.txt

he has other powershell scripts files for AD.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question