Re: AD Last User Logon Question

From: Todd J Heron (todd_heron_no_spam_at_hotmail.com)
Date: 09/23/04


Date: Thu, 23 Sep 2004 19:09:13 -0400

To Frank -

You didn't mention this:

RealLastLogon http://www.tools4nt.com/Products/rll/description.htm tracks
the last date an account was used for authentication, and not necessarily a
login to the domain (e.g., authentication against an Exchange server to read
mail).

:-)

-- 
Todd J Heron, MCSE
Windows 2003/2000/NT
"Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
news:OWZ0qzaoEHA.2340@TK2MSFTNGP11.phx.gbl...
> You are seeing the correct behaviour - since you are not in the right
> forest mode you are not replicating the attribute and thus the times on
> the DCs are the times that they were used by the user account to
> authenticate, since a user may be authenticated by any DCs they all
> potentially all show different times if they have been used at different
> times in the past.
>
>
> -- 
>
> Regards,
>
> Mike
> --
> Mike Brannigan [Microsoft]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights
>
> Please note I cannot respond to e-mailed questions, please use these
> newsgroups
>
> "Frank" <frank_guzowski@hotmail.com> wrote in message
> news:011a01c4a19a$a504fea0$a501280a@phx.gbl...
> > Exchange 2000 Native mode tied to AD domain 2003 that
> > users are only using to access mail. The concern is that
> > we know the users are logging into mail, yet the dc/gc
> > shows older dates and times.
> > In forest and domain functional level 2003- last logon is
> > replicated. We are currently domain functional level 2003
> > not forest.
> >>-----Original Message-----
> >>1. Last logon is not a replicated attribute, it is unique to every DC.
> >>This was done on purpose. My last forest I managed had 250k users.
> >>Replicating last logon attributes would have killed my directory.
> >>
> >>2. Is the exchange mailbox tied to the NT4 account or to an AD Account?
> >>
> >>--
> >>Joe Richards Microsoft MVP Windows Server Directory Services
> >>www.joeware.net
> >>
> >>
> >>
> >>Frank wrote:
> >>> Overview:
> >>>
> >>> We are currently attempting to clean up our AD GAL and
> >>> user accounts. We have run 3 different tools to show us
> >>> last logon date for each user account:
> >>>
> >>> System tools- Hyena
> >>> http://www.systemtools.com/
> >>> System Tools- DumpSec
> >>> http://www.systemtools.com/somarsoft/
> >>> Windows resource Kit Tool
> >>> Usrstat
> >>>
> >>> Problem:
> >>>
> >>> All the tools show the same user information for last
> >>> logon. They all query all the DC/GC and look for
> >>> last "True Logon". When run against our 3 DC's separately.
> >>> They show different times for last logon.
> >>> QUESTION 1:
> >>> Why doesn't the last logon show the same for all DC's?
> >>> Example-                DC1- Last logon 06-27-04
> >>>
> >>>                         DC2- Last logon 03-15-04
> >>>
> >>>                         DC3- Last logon Never
> >>>
> >>> When you pull true last logon using the tools it does show
> >>> the 06-27-04 but again, why is it different. If it is a
> >>> single AD and there is replication (which is not failing-
> >>> checked with ReplMon) shouldn't last logon show for all
> >>> DC's the same?
> >>>
> >>> QUESTION 2:
> >>>
> >>> Building off of Question 1--- We know that some of the
> >>> data is incorrect. We have users logging into AD to use
> >>> Exchange 2000. It is not their default logon domain. The
> >>> NT4.0 trusted one is. (In most cases). The dates above
> >>> show for a current user in our organization. I know the
> >>> data is not correct because the user works in the same
> >>> building and had signed into AD/Exchange to use mail all
> >>> this week.
> >>>
> >>>
> >>> Is this a possible bug with AD? Any hot fixes we should
> >>> check? Could there be a problem with the Trust if user
> >>> ID's and passwords are the same?
> >>>
> >>>
> >>.
> >>
>
>
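
Added example (not part of the original thread, and not code from any of the tools named in it): because last logon is stored per DC and not replicated, an account's true last logon is the newest value across every DC, and a cleanup decision based on a single DC's value can flag an active account. The sketch assumes the raw per-DC lastLogon values (Windows FILETIME integers, 0 meaning "never") have already been collected by querying each DC separately; the function names, the times of day in the sample data and the 90-day threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond intervals since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """Encode an aware datetime as a FILETIME integer (used to build sample data)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def from_filetime(value):
    """Decode a raw lastLogon value; 0 or a missing value means this DC never saw a logon."""
    if not value:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def true_last_logon(per_dc):
    """Return (dc_name, datetime) for the newest lastLogon across all DCs, or (None, None)."""
    seen = {dc: from_filetime(raw) for dc, raw in per_dc.items()}
    seen = {dc: ts for dc, ts in seen.items() if ts is not None}
    if not seen:
        return None, None
    newest_dc = max(seen, key=seen.get)
    return newest_dc, seen[newest_dc]

def is_stale(per_dc, now, max_age_days=90):
    """Cleanup candidate only if no DC saw a logon within max_age_days (assumed threshold)."""
    _, newest = true_last_logon(per_dc)
    return newest is None or (now - newest) > timedelta(days=max_age_days)

# Constructed sample mirroring the dates in the original question (times of day invented).
SAMPLE = {
    "DC1": to_filetime(datetime(2004, 6, 27, 14, 30, tzinfo=timezone.utc)),
    "DC2": to_filetime(datetime(2004, 3, 15, 9, 0, tzinfo=timezone.utc)),
    "DC3": 0,  # "Never"
}

if __name__ == "__main__":
    now = datetime(2004, 9, 23, tzinfo=timezone.utc)
    dc, when = true_last_logon(SAMPLE)
    print("true last logon:", when, "seen on", dc)
    print("stale using all DCs:", is_stale(SAMPLE, now))
    print("stale using DC2 only:", is_stale({"DC2": SAMPLE["DC2"]}, now))
```

As the replies in the thread point out, authentication that is not a domain logon may not be reflected in these values at all, so a "stale" result here is a prompt for review rather than proof the account is unused.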