LDAP query returns NULL data

Discussion in 'Active Directory' started by Drew, Dec 7, 2005.

  1. Drew

    Drew Guest

    I have been running a VBscript which queries for the lastlogon attribute
    using LDAP for each user on the DC. In ~10% of the accounts, the query is
    returning a NULL value, even though I know the users are logging into the
    domain with these accounts. I looked up the accounts using Microsoft's tool
    "Account lockout status" and it also shows no logon data for these accounts.

    I then installed the Acctinfo.dll file and when I look at these accounts
    using "User and Computers" and look at the "Additional Acccount Info" tab,
    the accounts that were returned with NULL values all have last logon dates
    here. So what ever method the acctinfo.dll file is using, it is able to
    access the lastlogon attribute data for these accounts, however LDAP and
    Account Lockout Status is unable to......

    anyone have any ideas as to what is causing this? I'm curious if others have
    experienced the same problem with other attributes
     
    Drew, Dec 7, 2005
    #1
    1. Advertisements


  2. Each domain controller holds its' own last logon attribute.
    You have to interrogate all of them.

    In W2K3, there is lastLogonTimeStamp.
    See tip 9800 ยป How is the lastLogonTimeStamp attribute replicated in a Windows Server 2003 domain?
    in the 'Tips & Tricks' at http://www.jsifaq.com


    Jerold Schulman
    Windows Server MVP
    JSI, Inc.
    http://www.jsiinc.com
    http://www.jsifaq.com
     
    Jerold Schulman, Dec 7, 2005
    #2
    1. Advertisements

  3. Drew

    Drew Guest

    I'm aware of this. I can directly connect to DC3, look at the accout info
    tab, get the last logon value for a user on DC3. The run an LDAP query on
    that user, on DC3, and it returns a NULL value
     
    Drew, Dec 7, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.