"Last logon time" & "Last time the account was authenticated by AD

Discussion in 'Active Directory' started by sekhar, Aug 30, 2007.

  1. sekhar

    sekhar Guest

    Environment: Windows 200

    Are "Last logon time" and "Last time the account was authenticated by AD"
    the same? We have the requirement to identify the last time that account was
    used or accessed.

    Currently I am generating a report that will query all the DCs and will get
    the updated Last logon time. But this is not always correct?

    "Last logon time" & "Last time the account was authenticated by AD" the same?
     
    sekhar, Aug 30, 2007
    #1

  2. sekhar

    net_admin Guest

    Auditing guys asked me the same thing and I used DumpSec to query that from AD.
    They were satisfied.
     
    net_admin, Aug 30, 2007
    #2

  3. Yes, the last time an account authenticated in AD will be the date/time that
    corresponds to the value of the lastLogon attribute. Just remember that the
    lastLogon attribute is not replicated. For any user or computer object a
    different value is saved on every Domain Controller. You must query all DC's
    in the domain to get the largest (latest) value.

    For most purposes, the lastLogonTimeStamp attribute will suffice. This
    attribute is only updated during logon if the old value is at least 14 (by
    default) days in the past, but the value is replicated. You only need to
    query one DC (any DC). The value is accurate if it corresponds to a date
    more than 14 days in the past.

    Both attributes are Integer8, so they are 64-bit numbers representing dates
    in UTC as the number of 100-nanosecond intervals since 12:00 AM January 1,
    1601. The 64-bit value must be converted to a date/time in the current time
    zone.

    I believe you can use Joe Richards' oldcmp utility for this:

    http://www.joeware.net/win/free/tools/oldcmp.htm

    And I have a VBScript program to retrieve lastLogon for all users in the
    domain linked here:

    http://www.rlmueller.net/Last Logon.htm
     
    Richard Mueller [MVP], Aug 30, 2007
    #3
  4. I should have stated that the lastLogonTimeStamp attribute is only available
    if the domain is at Windows 2003 functional level. It is replicated. The
    lastLogon attribute is never replicated.
     
    Richard Mueller [MVP], Aug 30, 2007
    #4
  5. sekhar

    sekhar Guest

    Hi All,

    Thank you for the responses. I do have a script that extracts last logon details
    of all the users in the domain. It queries all the domain controllers and gets
    the updated value.

    My question is, Is the "Last logon time" & "Last time the account was
    authenticated" the same?

    Example:

    "User A" is logged on to the computer and is trying to access one of the
    applications or any resource using the "User B" account. Will the last logon
    timestamp change for User B?

     
    sekhar, Aug 30, 2007
    #5
  6. Yes, they are the same. I find that lastLogon is updated whenever
    credentials (username and password) are supplied, even by a different user.
    It's the last time the DC authenticated the username\password combination.

    --
    Richard Mueller
    Microsoft MVP Scripting and ADSI
    Hilltop Lab - http://www.rlmueller.net
     
    Richard Mueller [MVP], Aug 30, 2007
    #6
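
The merge described in replies #3 and #4, as an added PowerShell example that is not part of the original thread or of any tool linked in it: take the largest per-DC lastLogon, convert the Integer8 values to UTC dates, and show how far the replicated lastLogonTimestamp lags behind. The account names, DC names, attribute values and function names are constructed for illustration.

```powershell
# CONSTRUCTED sample rows: one per (account, DC), holding the raw Integer8 values.
# Live rows could come from Get-ADUser -Filter * -Server <dc> -Properties lastLogon,
# lastLogonTimestamp, run once per DC returned by Get-ADDomainController -Filter *.
$rows = @(
    # alice: authenticated by DC01 on 2024-01-10 and by DC02 on 2024-01-20 (UTC)
    [pscustomobject]@{ Account='alice'; DC='DC01'; lastLogon=133493184000000000; lastLogonTimestamp=133493184000000000 }
    [pscustomobject]@{ Account='alice'; DC='DC02'; lastLogon=133501824000000000; lastLogonTimestamp=133493184000000000 }
    # bob: only DC02 has ever authenticated him (2023-12-22 UTC)
    [pscustomobject]@{ Account='bob'; DC='DC01'; lastLogon=0; lastLogonTimestamp=133476768000000000 }
    [pscustomobject]@{ Account='bob'; DC='DC02'; lastLogon=133476768000000000; lastLogonTimestamp=133476768000000000 }
    # svc_old: never authenticated on any DC
    [pscustomobject]@{ Account='svc_old'; DC='DC01'; lastLogon=0; lastLogonTimestamp=0 }
    [pscustomobject]@{ Account='svc_old'; DC='DC02'; lastLogon=0; lastLogonTimestamp=0 }
)

function ConvertFrom-Integer8 {
    param($Value)
    # 0 or missing means the attribute was never set; do not report it as 1601-01-01.
    if (-not $Value) { return $null }
    # Integer8 = 100-nanosecond intervals since 1601-01-01 00:00 UTC (FILETIME).
    [DateTime]::FromFileTimeUtc([long]$Value)
}

function Get-LatestLogon {
    param([object[]]$Rows)
    foreach ($g in ($Rows | Group-Object Account)) {
        # lastLogon is not replicated: the true value is the largest one on any DC.
        $best = $g.Group | Sort-Object lastLogon -Descending | Select-Object -First 1
        $last = ConvertFrom-Integer8 $best.lastLogon
        # lastLogonTimestamp is replicated; take the newest copy in case a DC lags.
        $newest = $g.Group | Sort-Object lastLogonTimestamp -Descending | Select-Object -First 1
        $stamp = ConvertFrom-Integer8 $newest.lastLogonTimestamp
        $dc = $null; $lag = $null
        if ($last) { $dc = $best.DC }
        if ($last -and $stamp) { $lag = [math]::Round(($last - $stamp).TotalDays, 1) }
        [pscustomobject]@{
            Account               = $g.Name
            LastLogonUtc          = $last    # $null = no DC has recorded a logon
            AuthenticatingDC      = $dc
            LastLogonTimestampUtc = $stamp
            TimestampLagDays      = $lag     # expected to stay within the 14-day default
        }
    }
}

Get-LatestLogon -Rows $rows | Format-Table -AutoSize
```

Use `.ToLocalTime()` on the returned dates to report in the current time zone, as reply #3 describes.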