The last time and date that an attempt to log on to this account was made with a password that is not valid. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last time an incorrect password was used is unknown.
| Entry |
Value |
| CN |
Bad-Password-Time |
| Ldap-Display-Name |
badPasswordTime |
| Size |
8 bytes |
| Update Privilege |
This value is set by the system. |
| Update Frequency |
Each time the user enters a bad password. |
| Attribute-Id |
1.2.840.113556.1.4.49 |
| System-Id-Guid |
bf96792d-0de6-11d0-a285-00aa003049e2 |
| Syntax |
Interval |
Implementations
Windows 2000 Server
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
Windows Server 2003
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
ADAM
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
True |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
ms-DS-Bindable-Object
|
Windows Server 2003 R2
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
Windows Server 2008
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
Windows Server 2008 R2
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
Windows Server 2012
| Entry |
Value |
| Link-Id |
- |
| MAPI-Id |
- |
| System-Only |
False |
| Is-Single-Valued |
True |
| Is Indexed |
False |
| In Global Catalog |
False |
| NT-Security-Descriptor |
O:BAG:BAD:S: |
| Range-Lower |
- |
| Range-Upper |
- |
| Search-Flags |
0x00000000 |
| System-Flags |
0x00000011 |
| Classes used in |
User
|
The high part of this large integer corresponds to the dwHighDateTime member of the FILETIME structure and the low part corresponds to the dwLowDateTime member of the FILETIME structure.
This attribute is not replicated and is maintained separately on each domain controller in the domain. To get an accurate value for the user's last bad password time in the domain, each domain controller in the domain must be queried. The largest value that is obtained represents the true bad password time.