Bad-Password-Time attribute

The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last time a incorrect password was used is unknown.

Entry	Value
CN	Bad-Password-Time
Ldap-Display-Name	badPasswordTime
Size	8 bytes
Update Privilege	This value is set by the system.
Update Frequency	Each time the user enters a bad password.
Attribute-Id	1.2.840.113556.1.4.49
System-Id-Guid	bf96792d-0de6-11d0-a285-00aa003049e2
Syntax	Interval

Implementations

• Windows 2000 Server
• Windows Server 2003
• ADAM
• Windows Server 2003 R2
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 2012

Windows 2000 Server

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2003

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

ADAM

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	True
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	ms-DS-Bindable-Object

Windows Server 2003 R2

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2008

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2008 R2

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2012

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Remarks

The high part of this large integer corresponds to the dwHighDateTime member of the FILETIME structure and the low part corresponds to the dwLowDateTime member of the FILETIME structure.

This attribute is not replicated and is maintained separately on each domain controller in the domain. To get an accurate value for the user's last bad password time in the domain, each domain controller in the domain must be queried. The largest value that is obtained represents the true bad password time.