This topic describes how to handle the attribute 'logonHours' with NNS ADix.
General Information:
Logon hours are stored in Active Directory using the attribute
'logonHours'. The value is stored as a byte array
containing 21 bytes. Each bit in the byte array represents an hour in a 7-day
week (24 hours x 7 days = 168 bits = 21 bytes).
A bit of value zero means that logon is denied at this hour, a bit of
value one means that logon is permitted.
Values in the 'logonHours' attribute are stored in UTC; the array is therefore offset by your local computer's Time Zone Bias.
Note:
Local computer Time Zone Bias is stored in the registry
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation)
using the following values:
- ActiveTimeBias: This value is the current time difference from UTC in minutes, expressed from UTC's point of view. E.g., if you are 1 hour ahead, UTC is 1 hour behind, so the value is ffffffc4, which is hexadecimal for -60. We use this value divided by 60 as the time zone offset when converting logon hours.
- Bias: This value is the normal time difference from UTC in minutes, excluding daylight saving.
- DaylightBias: This value is the time difference applied for daylight saving, relative to UTC. If you are 1 hour ahead, the value is ffffffc4, which is hexadecimal for -60. Note that ActiveTimeBias is the sum of Bias and DaylightBias in daylight saving months and equals Bias in standard months.
Export Logon Hours:
In order to export the value of the attribute 'logonHours', simply
select this attribute for export. The value will be exported using one
of the following formats (see NNS ADix help topic Export Settings >
Attribute Syntax Conversions > Octet-String Conversion for more
information):
- 0xC0 0x05 ... (digit groups (2 digits/group),
prefixed with 0x, separated by blanks)
- \C0\05 ... (digit groups (2 digits/group),
separated by back slashes)
- C0 05 ... (digit groups (2 digits/group),
separated by blanks)
- C005 ... (42 digits)
Import Logon Hours:
In order to import values for the attribute 'logonHours', the
import file must contain this attribute in the header of the import file and
the value must be formatted using one of the following formats:
- 0xC0 0x05 ... (21 digit groups (2 digits/group),
prefixed with 0x, separated by blanks)
- \C0\05 ... (21 digit groups (2 digits/group),
separated by back slashes)
- C0 05 ... (21 digit groups (2 digits/group),
separated by blanks)
- C005 ... (42 digits)
Furthermore, this attribute must be configured for
String-to-Octet-String conversion (see the NNS ADix help topic
Import Settings > Attribute Syntax Conversions > Octet-String Conversion
for more information).
Note:
In NNS ADix versions prior to v3.4,
the import of the attribute 'logonHours' is not supported.
Example:
path;logonHours
"LDAP://cn=j.doe,cn=users,dc=dom,dc=com";"0x00 0x00 0x80 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x7F 0x00 0x00 0x00"
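The following Python code is an added example, not part of NNS ADix or of the original help topic. It parses the four value formats listed above and shifts the example value from UTC to local time using ActiveTimeBias, for reviewing which hours an account may actually log on. The bit layout (bit 0 of byte 0 is Sunday 00:00-01:00 UTC, least significant bit first in each byte) is an assumption not stated in this topic, and all function names are illustrative.

```python
import re

DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

# Value from the page's import example (UTC, as stored in Active Directory).
PAGE_EXAMPLE = ("0x00 0x00 0x80 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF "
                "0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x7F 0x00 0x00 0x00")


def parse_logon_hours(text):
    """Parse any of the four listed formats into the 21 raw bytes."""
    digits = re.sub(r"0x|[\\\s]", "", text.strip(), flags=re.IGNORECASE)
    if not re.fullmatch(r"[0-9A-Fa-f]{42}", digits):
        raise ValueError("logonHours needs exactly 21 bytes (42 hex digits)")
    return bytes.fromhex(digits)


def signed_dword(value):
    """Registry DWORDs are unsigned: 0xffffffc4 means -60."""
    return value - (1 << 32) if value >= 0x80000000 else value


def local_schedule(raw, active_time_bias):
    """Map a UTC logonHours value to {day: [permitted local hours]}."""
    bias_hours, remainder = divmod(signed_dword(active_time_bias), 60)
    if remainder:
        raise ValueError("bias is not a whole number of hours")
    schedule = {day: [] for day in DAYS}
    for i in range(168):
        # Assumed layout: bit 0 of byte 0 is Sunday 00:00-01:00 UTC.
        if (raw[i // 8] >> (i % 8)) & 1:
            local = (i - bias_hours) % 168  # UTC = local + bias
            schedule[DAYS[local // 24]].append(local % 24)
    return {day: sorted(hours) for day, hours in schedule.items()}


if __name__ == "__main__":
    example = parse_logon_hours(PAGE_EXAMPLE)
    for day, hours in local_schedule(example, 0xFFFFFFC4).items():
        print(day, hours or "denied")
```

With ActiveTimeBias ffffffc4 the example value decodes to logon permitted all day Monday through Friday and denied on Saturday and Sunday.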
Query for Logon Hours:
You can query for logon hours by using the 'logonHours' attribute
in your LDAP query, with the value to match
written in the following format:
- \C0\05 ... (21 digit groups (2 digits/group),
separated by back slashes)
Examples:
(&(objectCategory=person)(objectClass=user)(logonHours=\00\00\80\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\7F\00\00\00))
(&(objectCategory=person)(objectClass=user)(logonHours=\00\00\80\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF*))
Copyright © 2008 by NNS - Nigl Network Solutions