Sometimes it is useful to be able to search for objects in Active Directory based on when they were created or changed, or both. The two attributes that hold this information are whenCreated and whenChanged, and they are present on all AD objects.
You use these two attributes like any other in you LDAP queries, the only thing to watch is the syntax of the date/time value. The syntax of both attributes is like this:
YYYY MM DD HH mm ss.s Z
2008 08 12 00 00 00.0 Z
2008 08 12 00 00 00.0 Z
(The capital Z at the end is mandatory and denotes Zulu time, which is the same as GMT.)
So to search for all users created on or after 12 August 2008 you use this query:
(&(objectClass=User)(whenChanged>=20080812000000.0Z))