<div>
<div class="content wysiwyg-content">
We have 3 DC's in a single domain.<br />
<br />
Using Dovestone's True Last Logon application, I searched all DC's for &quot;stale&quot; accounts.<br />
<br />
Almost every account displays a Last Authenticated DC entry of one of the DC's, <br />
<br />
Of these, there are &nbsp;accounts that have a logonCount = 0, or blank, and a recent lastLogonTimestamp<br />
<br />
A few of those have lastlogon dates up to a year prior.<br />
<br />
I'm trying to understand how an account can have a Last Authenticated DC entry, a 0 (or blank) logon count, but have a recent lastLogonTimestamp?
</div>
</div>


We have 3 DC's in a single domain.

Using Dovestone's True Last Logon application, I searched all DC's for "stale" accounts.

Almost every account displays a Last Authenticated DC entry of one of the DC's, 

Of these, there are  accounts that have a logonCount = 0, or blank, and a recent lastLogonTimestamp

A few of those have lastlogon dates up to a year prior.

I'm trying to understand how an account can have a Last Authenticated DC entry, a 0 (or blank) logon count, but have a recent lastLogonTimestamp?

AD 2008  - R2 User Logon Count = 0, but lastlogontimestamp is recent

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.