Windows server (Windows Server 2012 R2).
1 Like
Hard to tell when the issue started. Iâm going to check external AD and report.
Thanks for pointing it out.
EDIT:
I tested using Win Server 2022 and there are no issues when disabling a user or force password change etc. in AD.
Maybe it helps to change the date/time format?
Maybe itâs some other setting that causes issues, you could try to play with the settings to check if the error goes away.
BTW, Win Server 2012 R2 reached EOL in 2023, see Windows Server 2012 and 2012 R2 reaching end of support - Microsoft Lifecycle | Microsoft Learn
Were these^^^ lines of code changed recently that check for a userâs âmust_changeâ attribute? I donât this I have access to the code repository to check myself.
1 Like
Good catch, it was a recent change, see Add "Must Change Password on Login" & Password Expiration Controls (#⊠· NethServer/ns8-core@0f4d522 · GitHub
Do you use a regional time/date format on your Windows Server 2012 R2? Does it help to change it to US time/date format?
It would be interesting which value the pwd_changed_time has on your side.
To find it out you could edit /usr/local/agent/pypkg/agent/ldapclient/ad.py and add following at line 180âŠ
with open("/home/test", "a") as f:
f.write(user['user']+" - PWD_CHANGED_TIME: "+str(pwd_changed_time)+"\n")
âŠso it looks like the following:
# In AD, pwdLastSet = 0 means that the user must change the password at next logon
# The timestamp 0 in Windows epoch is -11644473600 in Unix epoch
with open("/home/test", "a") as f:
f.write(user['user']+" - PWD_CHANGED_TIME: "+str(pwd_changed_time)+"\n")
user['must_change'] = (pwd_changed_time.timestamp() == -11644473600)
users.append(user)
return users
Now go to the Domains and Users once more to get the error and then you should have results in the file, please share those results:
[root@node ~]# cat /home/test
testuser1 - PWD_CHANGED_TIME: 2025-05-25 19:14:36.640928+00:00
buck - PWD_CHANGED_TIME: 2025-05-25 18:18:33.954294+00:00
markus - PWD_CHANGED_TIME: 1601-01-01 00:00:00+00:00
Administrator - PWD_CHANGED_TIME: 2025-01-09 14:40:36.523201+00:00
Remove the change again:
# In AD, pwdLastSet = 0 means that the user must change the password at next logon
# The timestamp 0 in Windows epoch is -11644473600 in Unix epoch
user['must_change'] = (pwd_changed_time.timestamp() == -11644473600)
users.append(user)
return users
Remove the file:
rm /home/test
2 Likes
AttributeError: âlistâ object has no attribute âtimestampâ
Maybe with older Microsoft AD implementation the Python library returns a list where a datetime is expected by our code?
Do we have to widen the type expectation in our code? /cc @stephdl
2 Likes
we should know what is the output indeed
open the developer tools in the user list and check the output of list-domain-users
cp and paste the object
1 Like
Itâs a backend error, this is the trace:
2 Likes
I am not sure we have tested it, we have lock a user from a remote NS7/NS8, but do we have disabled a user from a remote windows server ?
2 Likes
Weâre going to produce a fix for it.
I retested external AD with win server 2022 and there it works.
1 Like
2 Likes
A fix for the user list error with the remote AD provider, Windows Server 2012 is available in testing as Core 3.11.2-dev.1
@csteaderman , please help us to verify the fix. You can run a command like:
api-cli run update-core --data '{"core_url":"ghcr.io/nethserver/core:3.11.2-dev.1","nodes":[1]}'
Replace [1] with the cluster leader node ID, if needed.
Meanwhile I verified that there are no regression with local Samba AD @stephdl 
2 Likes
The update to 3.11.2-dev.1 does indeed allow me to view users from my AD.
2 Likes
Great, thanks for testing!
It is the least I can do for the help provided me!
1 Like