janstarke / ntdsextract2

This aims to be a collection of tools to forensically analyze Active Directory databases
https://www.bdosecurity.de
GNU General Public License v3.0

Feature Request: Allow displaying timestamps in ISO 8601 format #23

Closed wbi-ocd closed 2 weeks ago

wbi-ocd commented 2 weeks ago

Currently, in the user/group/computer modules, timestamped values are displayed in the format DD/mm/YYYYTHH:MM:SS+TZ (e.g. 18-11-2022T14:01:38+0000) for all output formats.

This format is not easily sortable, and it would be nice to have an option such as --iso-8601 in order to have these times displayed in ISO 8601 format.

Thanks for your work.

janstarke commented 2 weeks ago

I see, this format is a poor choice (and a bug). I intended to use %Y-%m-%dT%H:%M:%S%z but I mixed things up (concretely: day and year). This is easy to fix.

Regarding the customization idea: I don't like having lots of CLI parameters. However, in the dfir-toolkit, we use an RFC 3339 compliant format, which can be changed by setting the DFIR_DATE environment variable. This allows changing the date format for all tools of the toolkit, e.g. in your profile settings. What do you think about using the same behavior in ntdsextract2?

If you need to sort AD entries by date/time, you can also use the timeline feature together with mactime2, which can sort all entries.
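The two points in the comment above (the swapped day/year layout, and a DFIR_DATE-style environment override with an RFC 3339 default) are illustrated below in an added example. This is not code from ntdsextract2 or dfir-toolkit, and it is written in Python rather than the project's Rust because the point is the strftime layout, not the tool's API. The helper names, the JSON field names (`name`, `timestamp`) and the sample records are constructed for illustration; DFIR_DATE is the variable name the maintainer mentions, but how the real tools interpret it is not shown on this page.

```python
"""Added example (not ntdsextract2 / dfir-toolkit code).

Shows why a day-first layout is not sortable as text, what the intended
%Y-%m-%dT%H:%M:%S%z layout gives, and a DFIR_DATE-style override with an
RFC 3339 default. Helper names and sample data are assumptions."""
import json
import os
from datetime import datetime, timezone

# BUGGY_FMT reproduces the reported output (18-11-2022T14:01:38+0000):
# day and year are swapped relative to the intended layout.
BUGGY_FMT = "%d-%m-%YT%H:%M:%S%z"
RFC3339_FMT = "%Y-%m-%dT%H:%M:%S%z"


def active_format(env=None):
    """Layout to use: DFIR_DATE if set, otherwise the RFC 3339 default.

    `env` is a mapping so the behaviour can be tested without touching
    the real environment; it defaults to os.environ."""
    env = os.environ if env is None else env
    return env.get("DFIR_DATE", RFC3339_FMT)


def format_ts(dt, env=None):
    """Render an aware datetime with the active layout."""
    return dt.strftime(active_format(env))


def parse_ts(text, fmt):
    """Inverse of strftime for the given layout (%z yields an aware datetime)."""
    return datetime.strptime(text, fmt)


def convert_ts(text, from_fmt, to_fmt):
    """Re-render a timestamp string from one layout to another."""
    return parse_ts(text, from_fmt).strftime(to_fmt)


def is_lexically_sortable(fmt, samples):
    """True if sorting the rendered strings as text yields chronological order."""
    chronological = [d.strftime(fmt) for d in sorted(samples)]
    return sorted(chronological) == chronological


def sort_jsonl(lines, fmt, key="timestamp"):
    """Sort JSON-lines records chronologically by parsing `key` with `fmt`,
    instead of relying on string order of the field."""
    records = [json.loads(line) for line in lines if line.strip()]
    records.sort(key=lambda r: parse_ts(r[key], fmt))
    return records


# Constructed samples spanning month and year boundaries, so that
# day/month/year ordering errors actually surface.
SAMPLES = [
    datetime(2022, 11, 18, 14, 1, 38, tzinfo=timezone.utc),
    datetime(2022, 12, 1, 8, 0, 0, tzinfo=timezone.utc),
    datetime(2023, 1, 2, 9, 30, 0, tzinfo=timezone.utc),
    datetime(2021, 6, 30, 23, 59, 59, tzinfo=timezone.utc),
]

# Constructed JSON-lines records in the buggy layout; field names are assumed.
JSONL_SAMPLE = [
    '{"name": "svc-backup", "timestamp": "01-12-2022T08:00:00+0000"}',
    '{"name": "jdoe", "timestamp": "18-11-2022T14:01:38+0000"}',
    '{"name": "DC01$", "timestamp": "02-01-2023T09:30:00+0000"}',
]


if __name__ == "__main__":
    print("buggy layout sortable as text:", is_lexically_sortable(BUGGY_FMT, SAMPLES))
    print("RFC 3339 layout sortable as text:", is_lexically_sortable(RFC3339_FMT, SAMPLES))
    print("default:", format_ts(SAMPLES[0], {}))
    print("override:", format_ts(SAMPLES[0], {"DFIR_DATE": "%d.%m.%Y %H:%M:%S"}))
    for rec in sort_jsonl(JSONL_SAMPLE, BUGGY_FMT):
        print(rec["name"], convert_ts(rec["timestamp"], BUGGY_FMT, RFC3339_FMT))
```

Text order matches time order only when the layout places the most significant field first and keeps fixed widths, which is why the RFC 3339 layout sorts correctly (for a single UTC offset) and the day-first one does not; until the fix lands, `sort_jsonl` shows the workaround of parsing the field before sorting.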

wbi-ocd commented 2 weeks ago

Using DFIR_DATE would be a good solution, especially if it's consistent with your other tools (and easy to implement for you).

I also use the timeline feature, but I also like to manipulate JSON-lines entries, as they contain a bit more information (and I also find the JSON format easy to manipulate).

Thanks,