Solved

get-aduser and get-adcomputer lastLogon and LastLogonDate

Posted on 2016-11-25
3
301 Views
Last Modified: 2016-11-25
if you run ad cmdlets to get all attributes about adusers and adcomputers, it returns 2 field, lastlogon and lastlogondate.

lastlogon never seems to contain a valid date, whereas lastlogondate does. However, how accurate are these commands. If you run them directly from a domain controller - is this representing the last time the user or computer logged into the domain via that specific domain controller, or is it a reflective lastlogondate over any domain controller?

If it is per domain controller - how can you get an accurate lastlogondate over any domain controller in the domain, as this info could be misleading? I prefer to use the ad cmdlets rather than anything else.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
Andy earned 500 total points
ID: 41901608
Hi,
The information will be from the DC you're connected to when you logon.
To do it for all DC's you'd need to have a line for each DC specifying that DC.

If the user(s) is(are) in a site with 2 DC's then they'll use one of those 2 local DC's
0
 
LVL 3

Author Comment

by:pma111
ID: 41901616
is the lastLogontimeStamp replicated, so you can rely on that rather than having to run multiple reports and analyse lots of reports (one per DC).
0
 
LVL 7

Expert Comment

by:Andy
ID: 41901618
It should be correct as per the latest DC sync.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question