[THIN] Re: OT: determine domain functional level history
- From: "James Scanlon" <James.Scanlon@xxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 10 Jun 2011 14:59:16 +0100
when the functional level changes it logs in the event log also.......?
logged in the System log:
Event Type: Information
Event Source: SAM
Event ID: 16408
Computer: Server Name
Description: "Domain operation mode has been changed to Native Mode. The
change cannot be reversed."
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of James Scanlon
Sent: 10 June 2011 14:43
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: determine domain functional level history
Steve
scrap that just found that our script (originally) was only querying
lastlogon not lastlogontimestamp...grrr
have you checked the lastlogontimestamp is in sync between DC's?
repadmin /showattr * CN=user1,OU=accounting,DC=domain,dc=com
/attrs:lastLogontimeStamp >c:\lastLogontimeStamp.txt
according to
http://msdn.microsoft.com/en-us/library/ms676824(v=vs.85).aspx
<http://msdn.microsoft.com/en-us/library/ms676824(v=vs.85).aspx>
Also:Last-Logon-Timestamp Attribute: This is the time that the user last
logged into the domain. Whenever a user logs on, the value of this
attribute is read from the DC. If the value is older [ current_time -
msDS-LogonTimeSyncInterval ], the value is updated. The initial update
after the raise of the domain functional level is calculated as 14 days
minus random percentage of 5 days. -
I read that as there SHOULD be an entry for each user?????
sorry if this is already stuff you've covered.... :)
good luck
J
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of James Scanlon
Sent: 10 June 2011 14:33
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: determine domain functional level history
steve
I thought the 'lastlogon' details were only recorded individually on
each domain controller??? (or something stupid like that)
there are apps that scan ALL domain controllers and list the most recent
date for teh lastLogonTimestamp?
In the past we used "dovestone softwares AD true last logon" i think...
James
________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Snyder
Sent: 10 June 2011 14:28
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: determine domain functional level history
So I'm pulling the lastLogonTimeStamp attribute for user accounts via
script as part of a clenaup effort, and for many accounts there's no
entry. Since this attribute is only available for a windows 2003
functional level I'm hypothsizing that these accounts simply haven't
been logged onto since the functional level was raised to 2003. Anyone
know of where/how to query AD to determine when that occurred, or if
that info is even stored?
______________________________________
C. Hoare & Co. is authorised and regulated by the Financial Services
Authority with registration no. 122093. The FSA's address is 25, The
North Colonnade, Canary Wharf, London E14 5HS.
Registered in England no. 240822. Registered office 37 Fleet St, London,
EC4P 4DQ
Confidentiality Disclaimer:
This message and attachments are confidential and may be privileged, and
are sent for the personal attention of the addressee(s). If you are not
the intended addressee, any use, disclosure or copying of this document
is unauthorised. Information transmitted by email may be intercepted,
lost, destroyed, corrupted or delayed and as a result, C. Hoare & Co. do
not accept responsibility for any errors or omissions in the contents of
this message. If you would like to confirm the contents of this email,
please request a hard copy version.
If the contents of this message are of a personal nature, the email will
have been sent in a personal capacity and not on behalf of C. Hoare &
Co.
Monitoring/Viruses:
C. Hoare & Co. may monitor all incoming and outgoing emails in line with
current legislation. Although emails are screened for viruses, C. Hoare
& Co. cannot guarantee that any transmissions will be virus free.
________________________________________
Other related posts:
