Solved

AD 2008  - R2 User Logon Count = 0, but lastlogontimestamp is recent

Posted on 2014-09-25
1
485 Views
Last Modified: 2014-10-13
We have 3 DC's in a single domain.

Using Dovestone's True Last Logon application, I searched all DC's for "stale" accounts.

Almost every account displays a Last Authenticated DC entry of one of the DC's,

Of these, there are  accounts that have a logonCount = 0, or blank, and a recent lastLogonTimestamp

A few of those have lastlogon dates up to a year prior.

I'm trying to understand how an account can have a Last Authenticated DC entry, a 0 (or blank) logon count, but have a recent lastLogonTimestamp?
0
Comment
Question by:BellevueAdmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40345494
Replication is one possible answer. lastLogonTimeStamp is replicated between DCs, but logonCount is not (it's specific to each DC).

Chris
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question