Solved

Last Logon field is blank in Active Directory CSVDE Export

Posted on 2014-09-30
3
1,117 Views
Last Modified: 2014-10-06
Hi All,

I have a quick question surrounding an Active Directory export that I have been given from a customer's AD environment.

In quite a few records the lastLogon field is empty but the pwdlastset date has a recent entry.

I dont understand how the lastlogon is blank when there is an entry in the pwdlast set field

Would anyone have any ideas?

TJ
0
Comment
Question by:tjoconnor
  • 2
3 Comments
 
LVL 8

Expert Comment

by:Acosta Technology Services
ID: 40352063
It's likely a problem with the script used to perform the export.  I would try the following and see if some of those "blank" users come back with lastlogon results:

get-aduser -filter * -properties lastLogonTimestamp | select name, lastLogonTimestamp |export-csv "output.csv"
0
 

Author Comment

by:tjoconnor
ID: 40352125
Hi Operationnos, thanks for your reply.

Below is the command I used. I believe you are using lastLogonTimestamp whereas I used LastLogon. Would that be the potential reason for this, as I recently learned that 'lastLogonTimestamp' is replicated among all DC's and 'LastLogon' is only present on the DC that you authenticate with.

But ultimately is there a reason why the lastlogon would be blank and pwdlastset would be populated?

CSVDE -f adexport.csv -r objectClass=computer -l DN,cn,objectClass,lastLogon,pwdLastSet,userAccountControl,operatingSystem,operatingSystemVersion,description –u
0
 
LVL 8

Accepted Solution

by:
Acosta Technology Services earned 500 total points
ID: 40352132
I believe you are right on the money.  "pwdlastset" would be available from all DC's, while "lastlogon" would only show the results from the DC that the user was authenticated against.  Using "lastlogontimestamp" should provide you the information you're looking for.  Another option would be to query all DC's for "lastlogon" and then merge the data into a single file; using that data you would also have logon location.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now