• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 735
  • Last Modified:

get-aduser and get-adcomputer lastLogon and LastLogonDate

if you run ad cmdlets to get all attributes about adusers and adcomputers, it returns 2 field, lastlogon and lastlogondate.

lastlogon never seems to contain a valid date, whereas lastlogondate does. However, how accurate are these commands. If you run them directly from a domain controller - is this representing the last time the user or computer logged into the domain via that specific domain controller, or is it a reflective lastlogondate over any domain controller?

If it is per domain controller - how can you get an accurate lastlogondate over any domain controller in the domain, as this info could be misleading? I prefer to use the ad cmdlets rather than anything else.
0
pma111
Asked:
pma111
  • 2
1 Solution
 
AndyIt ConsultantCommented:
Hi,
The information will be from the DC you're connected to when you logon.
To do it for all DC's you'd need to have a line for each DC specifying that DC.

If the user(s) is(are) in a site with 2 DC's then they'll use one of those 2 local DC's
0
 
pma111Author Commented:
is the lastLogontimeStamp replicated, so you can rely on that rather than having to run multiple reports and analyse lots of reports (one per DC).
0
 
AndyIt ConsultantCommented:
It should be correct as per the latest DC sync.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now