Solved

Last Logon field is blank in Active Directory CSVDE Export

Posted on 2014-09-30
3
1,304 Views
Last Modified: 2014-10-06
Hi All,

I have a quick question surrounding an Active Directory export that I have been given from a customer's AD environment.

In quite a few records the lastLogon field is empty but the pwdlastset date has a recent entry.

I dont understand how the lastlogon is blank when there is an entry in the pwdlast set field

Would anyone have any ideas?

TJ
0
Comment
Question by:tjoconnor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 40352063
It's likely a problem with the script used to perform the export.  I would try the following and see if some of those "blank" users come back with lastlogon results:

get-aduser -filter * -properties lastLogonTimestamp | select name, lastLogonTimestamp |export-csv "output.csv"
0
 

Author Comment

by:tjoconnor
ID: 40352125
Hi Operationnos, thanks for your reply.

Below is the command I used. I believe you are using lastLogonTimestamp whereas I used LastLogon. Would that be the potential reason for this, as I recently learned that 'lastLogonTimestamp' is replicated among all DC's and 'LastLogon' is only present on the DC that you authenticate with.

But ultimately is there a reason why the lastlogon would be blank and pwdlastset would be populated?

CSVDE -f adexport.csv -r objectClass=computer -l DN,cn,objectClass,lastLogon,pwdLastSet,userAccountControl,operatingSystem,operatingSystemVersion,description –u
0
 
LVL 8

Accepted Solution

by:
Acosta Technology Services earned 500 total points
ID: 40352132
I believe you are right on the money.  "pwdlastset" would be available from all DC's, while "lastlogon" would only show the results from the DC that the user was authenticated against.  Using "lastlogontimestamp" should provide you the information you're looking for.  Another option would be to query all DC's for "lastlogon" and then merge the data into a single file; using that data you would also have logon location.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question