• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 546
  • Last Modified:

ad users and computers days since last login

IS ther days since last login information in ad users and computers accurate? Or is it specific to a certain domain controller (or is it checking through all DC's for this data?)
0
pma111
Asked:
pma111
4 Solutions
 
Joseph MoodyBlogger and wearer of all hats.Commented:
Depends on your definition of accurate and how timely you want your data to be. For your reading pleasure:

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
0
 
Mike KlineCommented:
lastlogontimestamp is replicated and is accurate between 9-14 days.  More on that here

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

lastlogon is accurate but it is not replicated so there are tools and scripts that will query lastlogon on each DC and get the most recent date.

Thanks


Mike
0
 
pma111Author Commented:
Is lastlogontimestamp what aduc is using when querying "days since last logon"
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
pma111Author Commented:
guys?
0
 
pma111Author Commented:
are you still monitoring this question, I was unsure whether you are saying ADUC uses the lastlogintimestamp when using the "days since last login" query option,
0
 
ssmith81Commented:
There are two value you can check:

-lastlogon
-lastlogontimestamp

The problem with lastlogon is that it is an attribute that does not replicate. So you would need to check the value on all domain controllers and retain the latest value.
Lastlogontimestamp is an attribute that does replicate but is not updated unless the previous login was more than 14 days earlier.
The above link looks good to understand the concern.
0
 
pma111Author Commented:
which attribute is ADUC using?
0
 
pma111Author Commented:
I still dont know which attribute ADUC is reporting on, can anyone confirm? The question was specific to ADUC which nobody has covered as yet.
0
 
ssmith81Commented:
So, Have you checked user accounts attribute ?
0
 
pma111Author Commented:
I can see the date related fields in the users "attribute editor" tab, but dont see how I can include those fields in an ADUC query?

And back to the quetion, when defining a new query in ADUC, there is a "days since last logon" option, where you can select 30, 90, 120 etc. I want to no which field its basing that on, is it lastlogon, or lastlogontimestamp
0
 
michaelalphiCommented:
Hi Pma,
Though the link suggested by smith has very nice explained about.
However, You can access ArcFM utility tools by right-clicking features in the Attribute Editor.
Check this : http://resources.arcfmsolution.com/10.1/DesktopUsing/Attribute_Editor.html
For your second concern, yes it is lastlogon.
This article determine better to understand the difference between both "lst logon" and "lastlogontimestamp " :http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now