This behavior has been confirmed as Bug between Splunk Version 6.x and current release 6.0.3. It is expected to be fixed in Splunk Release 6.0.5. Bug Number

SPL-83047:ADmon: Timestamp fields (pwdLastSet, badPasswordTime, lastlogonTimestamp, etc.) are not being retrieved accurately from the AD record