What are the key password policy attributes obtained from Active Directory, and how are their raw values converted to human-readable time?

Key attributes include maxPwdAge (maximum password age), minPwdLength (minimum password length), lockoutDuration (account lockout duration), lockoutThreshold (failed attempts before lockout), and lockOutObservationWindow (reset counter time). The raw values are in 100-nanosecond intervals; to convert to seconds, divide by 10,000,000. For example, maxPwdAge of -36288000000000 equals 3628800 seconds, or 42 days. Full conversion details are in the article Penetration Basics - Obtaining Domain User Password Policies.