I'm using LastLogonTimeStamp property of user in Active Directory to get the Last logon date time, Value isn't consistent,
Any one else faced same issue?
Can we trust the LastLogonTimeStamp?
Update: It's just one Domain Controller
+1
A:
Do you have a network with several DC (domain controllers)? They might be out of sync since the LastLogonTimeStamp will be updated on the DC that the user actually logs on, and synchronization might take some time.
Marc
marc_s
2009-05-11 18:14:43
Marc, It's just one Domain Controller. For some users it's showing a days or two late.
Sathish Naga
2009-05-11 19:17:39
+1
A:
If you ever plan to have more than one DC, then LastLogonTimeStamp may not a reliable method for determining something like whether or not an account has grown "stale", since that attribute is not replicated to other DCs in many (most?) scenarios, depending on your domain functional level.
A better method for determining this is to look at "password age" (via the PasswordLastChanged attribute). For example, if someone hasn't reset their password a week or two after it has expired (or some other time span depending on your particular environment), then there is a good chance that you have an orphaned account there.
Doug Seelinger
2009-05-12 12:30:18
It's going to be on one DC. I'm need the last login date, I dont think i can use the password age. I'm not sure how can i use that for last login datetime?
Sathish Naga
2009-05-15 00:24:32
+2
A:
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
You would only use lastLogonTimeStamp if you have alot of domain controllers and don't need the most accurate results. With a single domain controller use the lastLogon attribute.