Re: LastLogon attribute
- From: MGD <MGD@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Feb 2007 07:11:08 -0800
Richard,
Thanks for the information (fact is I am using your script as one of my
"tools/scripts").
So are you saying that if a user has never logged into a DC (the attribute
shows in ADSI edit on a DC as "<not set >") that DC will not show up in a
list of DCs for that user?
If that is true then the other problem I have just became a big issue.
Using ADSI edit to look at DC1, it shows a value of "not set". Using the
acctinfo.dll and ADUC pointing to DC1 shows a date/time stamp (as far as I
can tell it shows an accurate date/time stamp for when the user last logged
on). The perticular user that I am looking at would and should (and as far
as I can tell does) log into DC1 (that is the one set for his site). Got any
ideas on this?
Thanks
--
Master Gold Dragon
Always taking it to the next level.
"Richard Mueller [MVP]" wrote:
MGD wrote:.
Running AD 2000 with all 2000 DCs. I have 10+ DCs and 2 domains across
multiple sites. Have looked at DNS, WINS, Replication, etc. all looks
good.
First, a question. When I pull a list of when a user last logged in,
shouldn't I get an answer from all DCs? I know that attribute is not
replicated, but all of the tools/scripts I have used check every DC. I
have
looked at many users and I don't get back last logon information from all
the
DCs. Sometimes I get several, sometimes just a few (I can't seem to find
a
pattern to this). Any information you can give me would be appreciative.
Second, I am seeing a situation where I have a user account that when I
look
through ADSI edit at the last logon value it says <not set>, yet when I
look
at the user in ADUC I see a date/time stamp (I have the acctinfo.dll in
place
so I have the "Additional Account Info" tab in ADUC). Yes, I have
verified
that I am looking at the same DC. I am seeing similar type issues with
what
seems like random users on a couple of other DCs also. It is happening in
both domains. Any thoughts? I am just looking for a direction to go with
this.
Because lastLogon is not replicated, a different value will be stored for
each user on each DC. If a user never authenticated to a DC, the lastLogon
attribute for that user on that DC will not have a value set.
I don't know what tools/scripts you are using. I have a sample VBScript
program to retrieve the LastLogon date for all users linked here:
http://www.rlmueller.net/Last%20Logon.htm
The program first gets a list of all DC's in the domain. Then the script
searches each DC for all users and retrieves the lastLogon attribute values
on that DC. A dictionary object is used to retain the largest (lastest)
value for each user. After all DC's have been queried, we have the true
LastLogon for each user. The lastLogon attribute is Integer8 (a 64-bit
number), so special methods are required to convert the value to date/time
in the local time zone.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
- Follow-Ups:
- Re: LastLogon attribute
- From: Richard Mueller [MVP]
- Re: LastLogon attribute
- References:
- Re: LastLogon attribute
- From: Richard Mueller [MVP]
- Re: LastLogon attribute
- Prev by Date: Re: No Password Expire
- Next by Date: Re: error message for new user
- Previous by thread: Re: LastLogon attribute
- Next by thread: Re: LastLogon attribute
- Index(es):
Relevant Pages
|
