Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What triggers AD "last AD logon"

Posted on 2014-12-02
5
Medium Priority
?
181 Views
Last Modified: 2014-12-18
We have users that have their accounts supposedly disabled once they leave the company, but checking their last logon in AD shows the date, days and weeks after they leave the company.

Does accessing your exchange email show as an AD logon?

Does access exchange email using smartphone show as AD logon?

thanks
0
Comment
Question by:rdefino
5 Comments
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 40477757
Most probably Yes because exchange uses AD to authenticate the user .But I am doubting how do access the mail if the users account is disabled.
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 40477761
Any Ad authentication is sent to the DC that updates the event.
Based on your question "disabled" means password changed? Or supposedly means someone should have, but not clear when this step to actually disable the account was undertaken?

If you aggregate your DCs security log, you can query it to identify the source and type of AUTH requests received for this user.
0
 
LVL 5

Expert Comment

by:A Karelin
ID: 40477820
supposedly disabled or disabled or not?
0
 
LVL 26

Expert Comment

by:NVIT
ID: 40477935
I think the OP means the account is disabled but AD (where is this shown?) still shows logon dates occurring.
0
 
LVL 5

Expert Comment

by:A Karelin
ID: 40477949
What attribute did you check? LastLogonTimeStamp or LastLogon.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question