AD uses a file time format for storing password creation time, but keycloak probably interprets it as unix time and shows wrong time in account console.
For example my password was created 1.2.2023 at 18:9:49 that is saved in AD as 133197449897147110 but account console shows January 1, 1970 at 12:59 AM
I used this tool to convert from file time: LDAP, Active Directory & Filetime Timestamp Converter
Is there a way to fix this?
I have created a github issue for this problem
opened 11:58PM - 17 Nov 24 UTC
kind/bug
area/ldap
status/triage
team/core-iam
### Before reporting an issue
- [X] I have read and understood the above terms … for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
### Area
ldap
### Describe the bug
AD uses a file time format for storing password creation time, but keycloak probably interprets it as unix time and shows wrong time in account console.
For example my password was created 1.2.2023 at 18:9:49 that is saved in AD as 133197449897147110 whitch is not valid unix time, so account console shows January 1, 1970 at 12:59 AM
I used this tool to convert from file time: [LDAP, Active Directory & Filetime Timestamp Converter](https://www.epochconverter.com/ldap)
### Version
26.0.5
### Regression
- [ ] The issue is a regression
### Expected behavior
Keycloak and AD shows the same password creation time
### Actual behavior
Password creation time when using AD federation is always January 1, 1970 at 12:59 AM
### How to Reproduce?
Add ldap federation from AD.
Then create user-attribute-ldap-mapper from pwdLastSet in AD to pwdLastSet in keycloak, I have enabled Read Only and Always Read Value From LDAP
### Anything else?
I have tried asking on the forum but without success.
https://forum.keycloak.org/t/pasword-creation-date-from-active-directory-is-wrong/24473