All of our users have a custom attribute. Is it possible to use Powershell to see when that attribute was last modified?
An custom attribute in…a car, a plane, a flying man, Active Directory, Powershell object?
Oops. Sorry first post., but I guess that would help. It is a custom attribute in Active Directory called bannerid. It is populated when the account is created. This attribute is used to authenticate into another system via CAS. However, I need to know if that value has changed. The concern is someone could change that value in bannerid to impersonate another user when accessing the other system. I can pull when the account object is created and last modified, but I really need to when or if bannerid was changed.
Thanks
This one got my curiosity up. So, I loaded Apache Directory Studio, found a custom attribute, and in Studio, if you select the properties of that attribute, there is a value for Create and Modify shown as “Create TimeStamp” and “Modify TimeStamp”. I also had to select “Fetch Operational Attributes” before the timestamps actually showed up . Getting that info from PowerShell is above my pay grade. Perhaps Rob can figure this one out. I would think if Directory Studio can figure it out, PS can as well.