Re: AD Last User Logon Question

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 09/23/04 

Date: Thu, 23 Sep 2004 21:35:46 +0100

You are seeing the correct behaviour - since you are not in the right forest
mode you are not replicating the attribute and thus the times on the DCs are
the times that they were used by the user account to authenticate, since a
user may be authenticated by any DCs they all potentially all show different
times if they have been used at different times in the past. 

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
"Frank" <frank_guzowski@hotmail.com> wrote in message 
news:011a01c4a19a$a504fea0$a501280a@phx.gbl...
> Exchange 2000 Native mode tied to AD domain 2003 that
> users are only using to access mail. The concern is that
> we know the users are loging into mail, yet the dc/gc
> shows older dates and times.
> In forst and domain functional level 2003- last logon is
> replicated. We are currently domain functional level 2003
> not forest.
>>-----Original Message-----
>>1. Last logon is not a replicated attribute, it is unique
> to every DC. This was
>>done on purpose. My last forest I managed had 250k users.
> Replicating last logon
>>attributes would have killed my directory.
>>
>>2. Is the exchange mailbox tied to the NT4 account or to
> an AD Account?
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory
> Services
>>www.joeware.net
>>
>>
>>
>>Frank wrote:
>>> Overview:
>>>
>>> We are currently attempting to clean up our AD GAL and
>>> user accounts. We have run 3 different tools to show us
>>> last logon date for each user account:
>>>
>>> System tools- Hyena
>>> http://www.systemtools.com/
>>> System Tools- DumpSec
>>> http://www.systemtools.com/somarsoft/
>>> Windows resource Kit Tool
>>> Usrstat
>>>
>>> Problem:
>>>
>>> All the tools show the same user information for last
>>> logon. They all query all the DC/GC and look for
>>> last "True Logon". When run against our 3 DC's
> separately.
>>> They show different times for last logon.
>>> QUESTION 1:
>>> Why doesn't the last logon show the same for all DC's?
>>> Example-                DC1- Last logon 06-27-04
>>>
>>>                         DC2- Last logon 03-15-04
>>>
>>>                         DC3- Last logon Never
>>>
>>> When you pull true last logon using the tools it does
> show
>>> the 06-27-04 but again, why is it different. If it is a
>>> single AD and there is replication (which is not
> failing-
>>> checked with ReplMon) shouldn't last logon show for all
>>> DC's the same?
>>>
>>> QUESTION 2:
>>>
>>> Buildings off of Question 1--- We know that some of the
>>> data is incorrect. We have users logging into AD to use
>>> Exchange 2000. It is not their default logon domain.
> The
>>> NT4.0 trusted one is. (In most cases). The dates above
>>> show for a current user in our organization. I know the
>>> data is not correct because the user works in the same
>>> building and had signed into AD/Exchange to use mail
> all
>>> this week.
>>>
>>>
>>> Is this a possible bug with AD? Any hot fixes we should
>>> check? Could there be a problem with the Trust if user
>>> ID's and passwords are the same?
>>>
>>>
>>.
>>
Loading