Re: "Last logon time" & "Last time the account was authenticated b

Yes, they are the same. I find that lastLogon is updated whenever
credentials (username and password) are supplied, even by a different user.
It's the last time the DC authenticated the username\password combination.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"sekhar" <sekhar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:718D3C71-B457-4179-8DFE-CA3F7B1BFA36@xxxxxxxxxxxxxxxx
Hi All,

Thank you for responses. I do have a script that extracts last logon details
of all the users in the domain. It queries all the domain controllers and gets
the updated value.

My question is, is the "Last logon time" & "Last time the account was
authenticated" the same?

Example:

"User A" is logged on the computer and trying to access one of the
applications or any resource using "User B" account. Will the last logon time
stamp change for User B?

"Richard Mueller [MVP]" wrote:


"Tjeerd Seinen" <t.seinen@xxxxxxxxxxxxxx> wrote in message
news:1188486635.507550.5320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 30, 4:23 pm, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxxxxxxxxxxxxxxxx> wrote:
sekhar wrote:
Environment: Windows 200

Are "Last logon time" and "Last time the account was authenticated by AD"
the same? We have the requirement to identify the last time that account was
used or accessed.

Currently I am generating a report that will query all the DCs and will get
the updated Last logon time. But this is not always correct?

"Last logon time" & "Last time the account was authenticated by AD" the same?

Yes, the last time an account authenticated in AD will be the date/time that
corresponds to the value of the lastLogon attribute. Just remember that the
lastLogon attribute is not replicated. For any user or computer object a
different value is saved on every Domain Controller. You must query all DC's
in the domain to get the largest (latest) value.

For most purposes, the lastLogonTimeStamp attribute will suffice. This
attribute is only updated during logon if the old value is at least 14 (by
default) days in the past, but the value is replicated. You only need to
query one DC (any DC). The value is accurate if it corresponds to a date
more than 14 days in the past.

Both attributes are Integer8, so they are 64-bit numbers representing dates
in UTC as the number of 100-nanosecond intervals since 12:00 AM January 1,
1601. The 64-bit value must be converted to a date/time in the current time
zone.

I believe you can use Joe Richards' oldcmp utility for this:

http://www.joeware.net/win/free/tools/oldcmp.htm

And I have a VBScript program to retrieve lastLogon for all users in the
domain linked here:

http://www.rlmueller.net/Last%20Logon.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

The login time/date is only replicated in Windows 2003, in Windows
2000 you need to query every DC and merge the results.

You might consider
http://www.tools4ever.com/products/utilities/reallastlogon/,
free trial with full functionality so will get your report.


I should have stated that the lastLogonTimeStamp attribute is only available
if the domain is at Windows 2003 functional level. It is replicated. The
lastLogon attribute is never replicated.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
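
The handling described in this thread (convert the Integer8 value, take the largest lastLogon across all DCs, and rely on lastLogonTimeStamp only when it is more than 14 days old), as an added Python example that is not part of the original posts. The DC names and attribute values are constructed, and the raw values are assumed to have been read from each DC already.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SYNC_WINDOW = timedelta(days=14)  # default update interval quoted in the thread


def filetime_to_utc(value):
    """Convert Integer8 (100-ns intervals since 1601-01-01 UTC) to a datetime.

    0 or a missing attribute means this DC never authenticated the account.
    """
    if not value:
        return None
    # Whole microseconds keep the arithmetic exact (no float rounding).
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)


def latest_last_logon(per_dc):
    """lastLogon is not replicated: return (dc, datetime) of the largest value."""
    seen = {dc: v for dc, v in per_dc.items() if v}
    if not seen:
        return None, None
    dc = max(seen, key=seen.get)
    return dc, filetime_to_utc(seen[dc])


def timestamp_is_conclusive(last_logon_timestamp, now):
    """lastLogonTimeStamp is replicated but coarse; per the thread it is
    accurate only when it lies more than 14 days in the past."""
    when = filetime_to_utc(last_logon_timestamp)
    return when is not None and now - when > SYNC_WINDOW


# Constructed sample: lastLogon of one account as read from three DCs.
SAMPLE = {
    "dc1.example.test": 128327328000000000,  # 2007-08-28 00:00 UTC
    "dc2.example.test": 128329056000000000,  # 2007-08-30 00:00 UTC
    "dc3.example.test": 0,                   # never authenticated here
}

if __name__ == "__main__":
    dc, when = latest_last_logon(SAMPLE)
    # astimezone() converts the UTC value to the local time zone for a report.
    print(dc, when.astimezone())
```
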



