diff --git a/modules/integrations/activedirectory/attributes.go b/modules/integrations/activedirectory/attributes.go
index 659cd19..bf568ba 100644
--- a/modules/integrations/activedirectory/attributes.go
+++ b/modules/integrations/activedirectory/attributes.go
@@ -90,5 +90,7 @@ var (
 ScriptPath = engine.NewAttribute("scriptPath").Tag("AD").Single()
 MSPKICertificateNameFlag = engine.NewAttribute("msPKI-Certificate-Name-Flag").Tag("AD").Type(engine.AttributeTypeInt)
 PKIExtendedUsage = engine.NewAttribute("pKIExtendedKeyUsage").Tag("AD")
+ PKIExpirationPeriod = engine.NewAttribute("pKIExpirationPeriod").Tag("AD")
+ PKIOverlapPeriod = engine.NewAttribute("pKIOverlapPeriod").Tag("AD")
 MsDSBehaviourVersion = engine.NewAttribute("msDS-Behavior-Version").Type(engine.AttributeTypeInt)
 )
diff --git a/modules/integrations/activedirectory/rawobject.go b/modules/integrations/activedirectory/rawobject.go
index 2b6d658..88adf11 100644
--- a/modules/integrations/activedirectory/rawobject.go
+++ b/modules/integrations/activedirectory/rawobject.go
@@ -1,6 +1,8 @@
 package activedirectory
 
 import (
+ "encoding/binary"
+ "fmt"
 "strconv"
 "strings"
 "sync"
@@ -127,6 +129,26 @@ func EncodeAttributeData(attribute engine.Attribute, values []string) engine.Att
 default:
 ui.Warn().Msgf("Failed to convert attribute %v value %2x to timestamp (unsupported length): %v", attribute.String(), tvalue)
 }
+ case PKIExpirationPeriod, PKIOverlapPeriod:
+ nss := binary.BigEndian.Uint64([]byte(value))
+ secs := nss / 10000000
+ var period string
+ if (secs%31536000) == 0 && (secs/31536000) > 1 {
+ period = fmt.Sprintf("v% years", secs/31536000)
+ } else if (secs%2592000) == 0 && (secs/2592000) > 1 {
+ period = fmt.Sprintf("v% months", secs/2592000)
+ } else if (secs%604800) == 0 && (secs/604800) > 1 {
+ period = fmt.Sprintf("v% weeks", secs/604800)
+ } else if (secs%86400) == 0 && (secs/86400) > 1 {
+ period = fmt.Sprintf("v% days", secs/86400)
+ } else if (secs%3600) == 0 && (secs/3600) > 1 {
+ period = fmt.Sprintf("v% hours", secs/3600)
+ }
+ if period != "" {
+ attributevalue = engine.AttributeValueString(period)
+ } else {
+ attributevalue = engine.AttributeValueString(value)
+ }
 case AttributeSecurityGUID, SchemaIDGUID, MSDSConsistencyGUID, RightsGUID:
 switch len(value) {
 case 16:
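Review bot: `binary.BigEndian.Uint64([]byte(value))` in the new `case PKIExpirationPeriod, PKIOverlapPeriod:` branch panics when the value is shorter than 8 bytes, and the value comes straight from directory data, so one malformed certificate template object can abort the whole import. The length should be checked first, the way the GUID case just below does with `switch len(value)`. The five `fmt.Sprintf("v% years", …)` style calls have the verb reversed and will emit something like `v%!y(uint64=2)ears` instead of the number; they should use `%d years`, `%d months` and so on. As far as I know AD stores these two attributes as a little-endian, negative count of 100 ns intervals, so the big-endian unsigned read would also produce a meaningless duration and template validity periods would silently fall through to the raw bytes; worth confirming against a real template dump. EncodeAttributeData begins and ends outside this hunk.

```go
case PKIExpirationPeriod, PKIOverlapPeriod:
	if len(value) != 8 {
		ui.Warn().Msgf("Failed to convert attribute %v value %2x to period (unsupported length)", attribute.String(), value)
		attributevalue = engine.AttributeValueString(value)
	} else {
		// Assumed encoding: negative 100ns tick count, little-endian; confirm against a real template.
		ticks := int64(binary.LittleEndian.Uint64([]byte(value)))
		if ticks < 0 {
			ticks = -ticks
		}
		secs := uint64(ticks) / 10000000
		var period string
		if (secs%31536000) == 0 && (secs/31536000) > 1 {
			period = fmt.Sprintf("%d years", secs/31536000)
		}
		// … unchanged: months/weeks/days/hours branches, each with "%d <unit>" …
		// … unchanged: period / raw value assignment to attributevalue …
	}
```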