Re: AD Last User Logon Question

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 09/23/04 

Date: Thu, 23 Sep 2004 13:44:51 -0400

1. Last logon is not a replicated attribute, it is unique to every DC. This was
done on purpose. My last forest I managed had 250k users. Replicating last logon
attributes would have killed my directory.

2. Is the exchange mailbox tied to the NT4 account or to an AD Account? 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Frank wrote:
> Overview:
> 
> We are currently attempting to clean up our AD GAL and 
> user accounts. We have run 3 different tools to show us 
> last logon date for each user account:
> 
> System tools- Hyena
> http://www.systemtools.com/
> System Tools- DumpSec
> http://www.systemtools.com/somarsoft/
> Windows resource Kit Tool
> Usrstat
>  
> Problem:
> 
> All the tools show the same user information for last 
> logon. They all query all the DC/GC and look for 
> last "True Logon". When run against our 3 DC's separately. 
> They show different times for last logon. 
> QUESTION 1:
> Why doesn't the last logon show the same for all DC's? 
> Example-                DC1- Last logon 06-27-04
> 
>                         DC2- Last logon 03-15-04
> 
>                         DC3- Last logon Never
> 
> When you pull true last logon using the tools it does show 
> the 06-27-04 but again, why is it different. If it is a 
> single AD and there is replication (which is not failing-
> checked with ReplMon) shouldn't last logon show for all 
> DC's the same?
> 
> QUESTION 2:
> 
> Buildings off of Question 1--- We know that some of the 
> data is incorrect. We have users logging into AD to use 
> Exchange 2000. It is not their default logon domain. The 
> NT4.0 trusted one is. (In most cases). The dates above 
> show for a current user in our organization. I know the 
> data is not correct because the user works in the same 
> building and had signed into AD/Exchange to use mail all 
> this week.
> 
> 
> Is this a possible bug with AD? Any hot fixes we should 
> check? Could there be a problem with the Trust if user 
> ID's and passwords are the same?
> 
>

Relevant Pages

  • Re: AD Last User Logon Question
    ... > In forst and domain functional level 2003- last logon is> replicated. ... We are currently domain functional level 2003> not forest. ... > Replicating last logon ... Is the exchange mailbox tied to the NT4 account or to> ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Last User Logon Question
    ... We are currently domain functional level 2003> not forest. ... Last logon is not a replicated attribute, it is unique> to every DC. ... > Replicating last logon>>attributes would have killed my directory. ... We have run 3 different tools to show us>>> last logon date for each user account:>>> ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Last User Logon Question
    ... users are only using to access mail. ... In forst and domain functional level 2003- last logon is ... Replicating last logon ... Is the exchange mailbox tied to the NT4 account or to ...
    (microsoft.public.windows.server.active_directory)
  • AD Last User Logon Question
    ... user accounts. ... last logon date for each user account: ... last "True Logon". ... Buildings off of Question 1--- We know that some of the ...
    (microsoft.public.windows.server.active_directory)
  • Re: User Login
    ... the user account will be able to logon remotely even though they ... the domain group called Domain Users is a member of the local ... Users group on all computers; this is usually why any domain user can ... put those user accounts into domain group and apply a GPO to the OU ...
    (microsoft.public.windows.server.active_directory)