Logon information in Active Directory

Why are logon times different from DC to DC?  Isn't last login time an attribute of the user object, and thus replicated to every domain controller?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

do you have an authoritative time server for your domain? this will synch them all up.... the article below tells you how to set it up.

Actually, no it isn't, not in w2k anyway.
See attribute descriptions here:
User Security Attributes

Script to enumerate the most current:
Last Logon Dates

Deb :))

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
For the sake of clarity - As in yes it IS an attribute - but NO it isn't replicated - it's value is held locally on the DC....
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

deb,, I'll be the first person to admit when im wrong, but i dont think i am here.  Although i think i might have left off part of the solution. My link tells him how to set up a time server.  Then all of his other computers/DCs need to synch to it.  they could us the "command net time /set /y" to do this. I'm not sure what your links even do or do i know why you say. "Actually, no it isn't, not in w2k anyway." My link was straight from MS, how could it be wrong?
Hi Mike

Sorry I posted my response prior to refreshing my browser, so I didn't know you'd posted until I'd submitted.

I think we've just both interpreted the question differently -

I took the question to be referring to the last logon time user attribute showing as being different depending on which dc is being queried, often admins query these to track outdated or unused user accounts - Whilst AD is replicated, there are some attributes that aren't for some reason (MS would know) - the relevant part of my first link (which is msdn) is:

Non-replicated. The lastLogon attribute specifies when the last logon occurred. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). The high part of this large integer corresponds to the dwHighDateTime member of the FILETIME structure and the low part corresponds to the dwLowDateTime member of the FILETIME structure. This attribute is maintained separately on each domain controller in the domain. A value of zero means that the last logon time is unknown. To get an accurate value for the user's last logon in the domain, each domain controller in the domain must be queried and the largest value should be used." - <-- My second link is to a script which does just that - automatically queries dc's for the latest value.

From your posting you're referrring to time differentials between the dc's that would cause time differences, and if that is the issue, then yes you're right with the correct ms article for time syncing. We've just taken two different views of the question and posted at about the same time, but we are both right I think about what we've said.

Deb :))

ojfahoumAuthor Commented:
I guess my question was a little vague.  Thank you all for your responses.  Deb actually answered my question.  The link to the MSDN stuff was exactly what I needed.  I was trying to figure out what was replicated and what was not across DCs in terms of users and logins.

Again thank you all for the responses.

Thanks ojfahoum - Glad I helped!
Mike - What you said WAS right - the question could have been taken two ways... You've aced me before now right?
w2kmcp - Don't you feel a right donkey? LOL
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.