Solved

AD 2008  - R2 User Logon Count = 0, but lastlogontimestamp is recent

Posted on 2014-09-25
1
497 Views
Last Modified: 2014-10-13
We have 3 DC's in a single domain.

Using Dovestone's True Last Logon application, I searched all DC's for "stale" accounts.

Almost every account displays a Last Authenticated DC entry of one of the DC's,

Of these, there are  accounts that have a logonCount = 0, or blank, and a recent lastLogonTimestamp

A few of those have lastlogon dates up to a year prior.

I'm trying to understand how an account can have a Last Authenticated DC entry, a 0 (or blank) logon count, but have a recent lastLogonTimestamp?
0
Comment
Question by:BellevueAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40345494
Replication is one possible answer. lastLogonTimeStamp is replicated between DCs, but logonCount is not (it's specific to each DC).

Chris
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question