Re: Attributes that Update during Computer logon


"RayRay" <RayRay@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A0B78B22-B563-4B94-8D90-2B5D2F66FA26@xxxxxxxxxxxxxxxx
Thank you very much for your response. 3 additional questions.
You mention that the computer may request its password to be reset, will
the
object request this automatically based on the 14 days password policy and
how much time is left before expiring?

The client OS requests the password reset automatically as the computer
authenticates to the domain. It only requests after the password has
expired.


Also, in reviewing the attributes for a Computer object (using a LDAP
browser) I noticed multiple attributes named "dsCorePropagationData" that
appear to be dates as well. Any idea what these are and if I would need
to
update them to simulate a logon? Microsoft lists it as "Internal Use
only."

I don't know what dsCorePropagationData is used for. I just know it is not
replicated, is in the GC, and is generalizedTime (which is different from
Integer8 attributes). When I look at the dates I don't believe it is updated
at every logon. I know I have logged on many on many days that are not
included in the collection for my computer.


Finally you mentioned that "lastLogon" was not replicated but is the
"lastLogonTimestamp" attribute? If I am not mistaken "User" objects have
this same attribute and it is replicated every 14 days. Will the
"Computer"
objects "lastLogontimestamp" function the same way?

I should have mentioned lastLogonTimeStamp. Yes, it is only updated during
logon if the previous value is more than 14 days (by default) in the past.
Once updated, the value is replicated. It works the same for user and
computer objects.


You assistance is greatly appreciated.
Thanks
Ray


I don't think you can code a script or program that will update these
attributes. They are updated by the system. I guess I have to ask why you
want to, or what is your goal? The pwdLastSet attribute, for example, cannot
be assigned a value, and it should not matter anyway. A computer can be
roving disconnected for some time and it won't matter. The password will be
reset the next time it authenticates. The lastLogon attribute shouldn't
matter either. The only issue I can think of would be identifying "stale"
computer accounts to be disabled and eventually deleted.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

Relevant Pages

  • Re: Attributes that Update during Computer logon
    ... You mention that the computer may request its password to be reset, ... Finally you mentioned that "lastLogon" was not replicated but is the ... This attribute is also Integer8 and is replicated. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Attributes that Update during Computer logon
    ... prior to logon but the learning curve for our users is what may be difficult ... You mention that the computer may request its password to be reset, ... in reviewing the attributes for a Computer object (using a LDAP ... Finally you mentioned that "lastLogon" was not replicated but is the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Form Validation (revisited)
    ... Geoff & Jock ... with the name "reset" - I similarly test for that and reset "emailAddress" ... >> And I'm not sure what you mean by 'usability blunder'. ... > The fact that a submit button (which causes a request to be made) is ...
    (comp.lang.php)
  • Re: I receive the same email from "Microsoft Customer Support" ev
    ... Reset your Windows Live password? ... We received your request to reset your Windows Live password. ... Follow the instructions on the web page that opens. ...
    (microsoft.public.security)
  • Re: Greensboro setlist
    ... SEVENTH SON (sign request) ... Human Touch is with the band. ... in fact as a song it's muh more of a toss off ... Like the guy you take bowling- it doesn't matter who ...
    (rec.music.artists.springsteen)
Quantcast