lastLogonTimestamp
February 7, 2007 at 9:14 am | In Active Directory, Blog, LDAP, Microsoft, Security, Technology, Windows
While doing some research on determining the last time a user logged in to a domain, I came across the lastLogonTimestamp attribute:
Prior to Windows Server 2003, determining the last time a user logged on to the domain was somewhat difficult. The lastLogon attribute is not replicated from one domain controller to another. For example, suppose a new user logs on to domain controller A. You now write a script that requests the last logon time for our new user, and the script happens to connect to domain controller B. Oddly enough, the script will tell you that the user has never logged on, even though you know for a fact that the user is logged on right now.
Windows Server 2003 introduced the lastLogonTimestamp. The lastLogon attribute is still present in the Active Directory schema for Windows 2003 and this attribute still isn’t replicated from one domain controller to another. The lastLogonTimestamp attribute also keeps track of the last time a user logged on to the domain, but is replicated from one domain controller to another. If you want to know the last time a user logged on, just write a script and connect to any domain controller; the value will be the same on each one.
It’s important to note that the last logon timestamp will typically not report the user’s true last logon time. Replicating the logon and logoff of a group of users who do this several times a day throughout the entire domain could generate a large amount of replication traffic, and for little purpose, since we typically care about only the so-called “stale” accounts: users who haven’t logged on in the last few weeks. To reduce this replication traffic, the lastLogonTimestamp is replicated only once every 14 days. This helps limit replication traffic, although it also means that the lastLogonTimestamp for any given user could be off by as much as 14 days.
NOTE: If the lastLogonTimestamp attribute has never been updated, it has a null value.
Reference: http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
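As an added example (not code from the original post or from the referenced Microsoft article), the sketch below shows how a stale-account report can respect both caveats above: the null value and the 14-day error margin. It assumes the attribute has already been read from a directory export as the raw 64-bit integer Active Directory stores (100-nanosecond intervals since 1601-01-01 UTC); the sample entries, function names and labels are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
REPLICATION_LAG = timedelta(days=14)  # worst-case error stated in the post

def filetime_to_datetime(value):
    """Convert a raw lastLogonTimestamp to UTC; None if it was never updated."""
    if value in (None, "", 0, "0"):
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def classify(entry, now, inactive_days):
    """Label one account: active, uncertain, stale or never-updated."""
    seen = filetime_to_datetime(entry.get("lastLogonTimestamp"))
    if seen is None:
        return "never-updated"      # null attribute: no logon recorded
    age = now - seen
    limit = timedelta(days=inactive_days)
    if age <= limit:
        return "active"             # recorded logon is already recent enough
    if age <= limit + REPLICATION_LAG:
        return "uncertain"          # true logon may be up to 14 days newer
    return "stale"                  # old even after allowing for the lag

# Constructed sample data: hypothetical accounts, evaluated as of the post date.
NOW = datetime(2007, 2, 7, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "alice", "lastLogonTimestamp":
        datetime_to_filetime(datetime(2007, 2, 1, tzinfo=timezone.utc))},
    {"sAMAccountName": "bob", "lastLogonTimestamp":
        datetime_to_filetime(datetime(2006, 12, 20, tzinfo=timezone.utc))},
    {"sAMAccountName": "carol", "lastLogonTimestamp":
        str(datetime_to_filetime(datetime(2007, 1, 1, tzinfo=timezone.utc)))},
    {"sAMAccountName": "dave"},     # attribute absent (null)
]

def report(entries=SAMPLE, now=NOW, inactive_days=30):
    """Return {account name: label} for a 30-day inactivity policy by default."""
    return {e["sAMAccountName"]: classify(e, now, inactive_days) for e in entries}

if __name__ == "__main__":
    for name, label in report().items():
        print(f"{name:8} {label}")
```

Accounts labelled "uncertain" are the ones where the non-replicated lastLogon value on each domain controller is worth checking before the account is disabled.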