get-aduser and get-adcomputer lastLogon and LastLogonDate
Posted on 2016-11-25
if you run ad cmdlets to get all attributes about adusers and adcomputers, it returns 2 field, lastlogon and lastlogondate.
lastlogon never seems to contain a valid date, whereas lastlogondate does. However, how accurate are these commands. If you run them directly from a domain controller - is this representing the last time the user or computer logged into the domain via that specific domain controller, or is it a reflective lastlogondate over any domain controller?
If it is per domain controller - how can you get an accurate lastlogondate over any domain controller in the domain, as this info could be misleading? I prefer to use the ad cmdlets rather than anything else.