Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

get-aduser and get-adcomputer lastLogon and LastLogonDate

if you run ad cmdlets to get all attributes about adusers and adcomputers, it returns 2 field, lastlogon and lastlogondate.

lastlogon never seems to contain a valid date, whereas lastlogondate does. However, how accurate are these commands. If you run them directly from a domain controller - is this representing the last time the user or computer logged into the domain via that specific domain controller, or is it a reflective lastlogondate over any domain controller?

If it is per domain controller - how can you get an accurate lastlogondate over any domain controller in the domain, as this info could be misleading? I prefer to use the ad cmdlets rather than anything else.
ASKER CERTIFIED SOLUTION
Avatar of Andy
Andy

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pau Lo
Pau Lo

ASKER

is the lastLogontimeStamp replicated, so you can rely on that rather than having to run multiple reports and analyse lots of reports (one per DC).
It should be correct as per the latest DC sync.