Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ad users and computers days since last login

Posted on 2014-03-24
11
Medium Priority
?
522 Views
Last Modified: 2014-04-10
IS ther days since last login information in ad users and computers accurate? Or is it specific to a certain domain controller (or is it checking through all DC's for this data?)
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 500 total points
ID: 39950714
Depends on your definition of accurate and how timely you want your data to be. For your reading pleasure:

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39950720
lastlogontimestamp is replicated and is accurate between 9-14 days.  More on that here

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

lastlogon is accurate but it is not replicated so there are tools and scripts that will query lastlogon on each DC and get the most recent date.

Thanks


Mike
0
 
LVL 3

Author Comment

by:pma111
ID: 39950847
Is lastlogontimestamp what aduc is using when querying "days since last logon"
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 3

Author Comment

by:pma111
ID: 39951522
guys?
0
 
LVL 3

Author Comment

by:pma111
ID: 39952734
are you still monitoring this question, I was unsure whether you are saying ADUC uses the lastlogintimestamp when using the "days since last login" query option,
0
 
LVL 2

Assisted Solution

by:ssmith81
ssmith81 earned 500 total points
ID: 39953170
There are two value you can check:

-lastlogon
-lastlogontimestamp

The problem with lastlogon is that it is an attribute that does not replicate. So you would need to check the value on all domain controllers and retain the latest value.
Lastlogontimestamp is an attribute that does replicate but is not updated unless the previous login was more than 14 days earlier.
The above link looks good to understand the concern.
0
 
LVL 3

Author Comment

by:pma111
ID: 39953236
which attribute is ADUC using?
0
 
LVL 3

Author Comment

by:pma111
ID: 39955533
I still dont know which attribute ADUC is reporting on, can anyone confirm? The question was specific to ADUC which nobody has covered as yet.
0
 
LVL 2

Expert Comment

by:ssmith81
ID: 39955570
So, Have you checked user accounts attribute ?
0
 
LVL 3

Author Comment

by:pma111
ID: 39955674
I can see the date related fields in the users "attribute editor" tab, but dont see how I can include those fields in an ADUC query?

And back to the quetion, when defining a new query in ADUC, there is a "days since last logon" option, where you can select 30, 90, 120 etc. I want to no which field its basing that on, is it lastlogon, or lastlogontimestamp
0
 
LVL 4

Assisted Solution

by:michaelalphi
michaelalphi earned 500 total points
ID: 39958234
Hi Pma,
Though the link suggested by smith has very nice explained about.
However, You can access ArcFM utility tools by right-clicking features in the Attribute Editor.
Check this : http://resources.arcfmsolution.com/10.1/DesktopUsing/Attribute_Editor.html
For your second concern, yes it is lastlogon.
This article determine better to understand the difference between both "lst logon" and "lastlogontimestamp " :http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question