Some of the Active Directory (AD) attributes with Generalized-Time syntax are documented in the following table. Sometimes this syntax is called UTC Coded time, because the values are stored in AD in UTC (Coordinated Universal Time, which used to be called GMT). "Replicated" in the table means the attribute is replicated to all domain controllers in the domain. "In GC" means the attribute is replicated to the Global Catalog. "Operational" means the attribute is not actually saved in AD, but is constructed on request from other attributes.
| LDAPDisplayName |
PowerShell Property |
Replicated |
In GC |
Operational |
| createTimeStamp |
<none> |
Yes |
No |
Yes |
| meetingEndTime |
<none> |
Yes |
No |
No |
| meetingStartTime |
<none> |
Yes |
No |
No |
| modifyTimeStamp |
<none> |
Yes |
No |
Yes |
| whenChanged |
Modified |
No |
Yes |
No |
| whenCreated |
Created |
Yes |
Yes |
No |
The meetingStartTime and meetingEndTime attributes only apply to objects of class Meeting. All of the other attributes in the above table apply to all objects in AD. The PowerShell properties Created and Modified are supported by the Active Directory module cmdlets, like Get-ADUser, Get-ADComputer, and Get-ADObject. These properties convert the values of the actual createTimeZone and modifyTimeZone attributes into datetime values in the local time zone. All of the attributes in the above table can only be updated by the system, except for meetingEndTime and meetingStartTime.
As shown in the table above, the Active Directory schema tells us that createTimeStamp and modifyTimeStamp are replicated to all domain controllers, but are not in the Global Catalog. The whenChanged attribute is not replicated, but somehow is in the Global Catalog, while whenCreated is replicated and in the GC.
Notice that createTimeStamp and modifyTimeStamp are both operational (sometimes called constructed). This means the values are not saved in AD, but are constructed by the domain controller when you request the values. In this case, createTimeStamp is constructed from whenCreated and modifyTimeStamp is constructed from whenChanged. That explains why the values of createTimeStamp and whenCreated are the same for any object, as long as you query one domain controller. The values of whenChanged and modifyTimeStamp also agree on any given domain controller.