Re: lastLogonTimestamp
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Wed, 17 May 2006 20:50:08 -0400
The attribute doesn't get set on an account until that account does a logon that fires the DC to update the stamp.
If you want, run oldcmp with
oldcmp -report -users -llts -age 0 -sh
Then look at the report and the lastLogonTimeStamp column and it will show you the current value for all of the users.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Chris wrote:
OK, OldCmp reported that the Domain Mode is Windows Server 2003 Domain Mode which I take to mean it's set up correctly. Does the lastLogonTimestamp not exist at all until it is updated or is its value equal zero? If it has a value of zero then why would the script fail at the "Set objLastLogon = objUser.Get("lastLogonTimestamp")" statement?.
Thanks,
Chris
"Joe Richards [MVP]" wrote:
It takes a while for those values to be populated. They aren't updated every logon, only every 7 days by default.
If you want to know for sure if your domain is in the right mode for doing lastLogonTimeStamp download oldcmp (google it) and use the -llts option. If your domain isn't in the right mode it will tell you.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Chris wrote:Hi Joe,
I had changed the functional mode to 2003 a short while before (at least that's what I think I did) via the AD Domains and Trusts plugin. It seemed to have no effect. Do I need to reboot or bide my time. There are no other DCs in the domain so I would think replication might not be an issue but I dunno...
Thanks for your quick response.
Chris
"Joe Richards [MVP]" wrote:
lastLogonTimeStamp is only available in Domain Functional Mode 2 (Windows Server 2003 Mode), most likely you are in Windows 2000 Mode.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Chris wrote:I've been trying to find out the last time users had logged onto our domain. I discovered a script here at the TechNet Script Center. I adapted to what I wanted to query but I ran into an error: "The directory property cannot be found in the cache." This occured at the statement executing: Set objLastLogon = objUser.Get("lastLogonTimestamp")
I'm afraid I know very little about AD or LDAP so I can't imagine what would be the problem. The server is running Windows Server 2003. The code I used is as follows:
Set objUser = GetObject("LDAP://CN=Ed Fred,CN=Users,DC=CDPSCITRIX,DC=SAFETY,DC=STATE,DC=CO,DC=US")
Set objLastLogon = objUser.Get("lastLogonTimestamp")
intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440
Wscript.Echo "Last logon time: " & intLastLogonTime + #1/1/1601#
Could someone assist me on this?
Thanks!
- Follow-Ups:
- Re: lastLogonTimestamp
- From: Chris
- Re: lastLogonTimestamp
- References:
- Re: lastLogonTimestamp
- From: Joe Richards [MVP]
- Re: lastLogonTimestamp
- From: Joe Richards [MVP]
- Re: lastLogonTimestamp
- From: Chris
- Re: lastLogonTimestamp
- Prev by Date: Re: Add a new DC to a new branch
- Next by Date: Re: Indexing attributes for containerized searches
- Previous by thread: Re: lastLogonTimestamp
- Next by thread: Re: lastLogonTimestamp
- Index(es):
Relevant Pages
|
