While doing some research on determining the last time a user logged in to a domain, I came across the lastLogonTimestamp attribute:

Prior to Windows Server 2003, determining the last time a user logged on to the domain was somewhat difficult. The lastLogon attribute is not replicated from one domain controller to another. For example, suppose a new user logs on to domain controller A. You now write a script that requests the last logon time for our new user, and the script happens to connect to domain controller B. Oddly enough, the script will tell you that the user has never logged on, even though you know for a fact that the user is logged on right now.

Windows Server 2003 introduced the lastLogonTimestamp. The lastLogon attribute is still present in the Active Directory schema for Windows 2003 and this attribute still isn’t replicated from one domain controller to another. The lastLogonTimestamp attribute also keeps track of the last time a user logged on to the domain, but is replicated from one domain controller to another. If you want to know the last time a user logged on, just write a script and connect to any domain controller; the value will be the same on each one.

It’s important to note that the last logon timestamp will typically not report the user’s true last logon time. Since replicating the log on and log off of a group of users who do this several times a day throughout the entire domain could generate a large amount of replication traffic, and for little purpose since we typically care about only the so-called “stale” accounts,” users who haven’t logged on in the last few weeks. To reduce this replication traffic, the lastLogonTimestamp is replicated only once every 14 days. This helps limit replication traffic, although it also means that the lastLogonTimestamp for any given user could be off by as much as 14 days.

NOTE: If the lastLogonTimestamp attribute has never been updated, it has a null value.



Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Active Directory, Blog, LDAP, Microsoft, Security, Technology, Windows
13 comments on “lastLogonTimestamp
  1. […] lastLogonTimestamp « Steve Mullen’s BlogFeb 7, 2007 … /active-directory-vbscript-to-enumerate-the-last-logon-of-all-ad … […]

  2. It’s a shame you don’t have a donate button! I’d most certainly donate to this excellent blog! I suppose for now i’ll settle for book-marking and adding your RSS feed to my Google account.

    I look forward to brand new updates and will talk about this blog with my Facebook group.
    Chat soon!

  3. David says:

    Hi, i think that i saw you visited my blog so i came to “return the favor”.
    I’m attempting to find things to enhance my website!I suppose its ok to use some of your ideas!!

  4. If you are going for best contents like myself, only pay a visit this web site all
    the time for the reason that it gives quality contents, thanks

  5. kik for pc says:

    Superb, what a blog it is! This web site gives useful data to us, keep it up.

  6. Anonymous says:

    I have a confident analytical vision for detail and may
    anticipate troubles prior to they happen.

  7. Anonymous says:

    Hello! I simply would like to give a huge thumbs up
    for the nice information you could have right here on this post.

    I shall be coming back to your blog for extra soon.

  8. We absolutely love your blog and find many of your post’s to be exactly I’m looking for.
    can you offer guest writers to write content for you? I wouldn’t mind composing a post or elaborating on a few of the subjects you
    write with regards to here. Again, awesome site!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

February 2007
« Jan   Mar »
%d bloggers like this: