[THIN] Re: OT: determine domain functional level history
- From: Steve Snyder <kwajalein@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 10 Jun 2011 16:15:29 +0200
haven't verified replication yet, but yep lastlogon is stored on the
individual DCs (so a script would have to query all of them) whilst the
lastlogontimestamp is replicated, but only on w2k3 functional level or
higher. I'm going to pull creationdates first and see if that helps me. I
created a new account and it has no entry for the lastlogontimestamp so I'm
pretty sure it is null until the account is logged on at least once
On Fri, Jun 10, 2011 at 3:42 PM, James Scanlon <
James.Scanlon@xxxxxxxxxxxxxxxx> wrote:
> Steve
>
> scrap that just found that our script (originally) was only querying
> lastlogon not lastlogontimestamp...grrr
> have you checked the lastlogontimestamp is in sync between DC's?
>
> repadmin /showattr * CN=user1,OU=accounting,DC=domain,dc=com /attrs:*
> lastLogontimeStamp* >c:\*lastLogontimeStamp*.txt
> according to
> http://msdn.microsoft.com/en-us/library/ms676824(v=vs.85).aspx
> Also:Last-Logon-Timestamp Attribute: This is the time that the user last
> logged into the domain. Whenever a user logs on, the value of this attribute
> is read from the DC. If the value is older [ current_time -
> msDS-LogonTimeSyncInterval ], the value is updated. The initial update
> after the raise of the domain functional level is calculated as 14 days
> minus random percentage of 5 days. -
> I read that as there SHOULD be an entry for each user?????
>
> sorry if this is already stuff you've covered.... :)
> good luck
>
> J
> ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *James Scanlon
> *Sent:* 10 June 2011 14:33
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: OT: determine domain functional level history
>
> steve
> I thought the 'lastlogon' details were only recorded individually on each
> domain controller??? (or something stupid like that)
> there are apps that scan ALL domain controllers and list the most recent
> date for teh lastLogonTimestamp?
>
> In the past we used "dovestone softwares AD true last logon" i think...
> James
>
>
> ------------------------------
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* 10 June 2011 14:28
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] OT: determine domain functional level history
>
> So I'm pulling the lastLogonTimeStamp attribute for user accounts via
> script as part of a clenaup effort, and for many accounts there's no entry.
> Since this attribute is only available for a windows 2003 functional level
> I'm hypothsizing that these accounts simply haven't been logged onto since
> the functional level was raised to 2003. Anyone know of where/how to query
> AD to determine when that occurred, or if that info is even stored?
>
> *__________________________________**____*
>
>
>
> C. Hoare & Co. is authorised and regulated by the Financial Services
> Authority with registration no. 122093. The FSA’s address is 25, The North
> Colonnade, Canary Wharf, London E14 5HS.
>
> Registered in England no. 240822. Registered office 37 Fleet St, London,
> EC4P 4DQ
>
>
>
> Confidentiality Disclaimer:
>
> This message and attachments are confidential and may be privileged, and
> are sent for the personal attention of the addressee(s). If you are not the
> intended addressee, any use, disclosure or copying of this document is
> unauthorised. Information transmitted by email may be intercepted, lost,
> destroyed, corrupted or delayed and as a result, C. Hoare & Co. do not
> accept responsibility for any errors or omissions in the contents of this
> message. If you would like to confirm the contents of this email, please
> request a hard copy version.
>
>
>
> If the contents of this message are of a personal nature, the email will
> have been sent in a personal capacity and not on behalf of C. Hoare & Co.
>
>
>
> Monitoring/Viruses:
>
> C. Hoare & Co. may monitor all incoming and outgoing emails in line with
> current legislation. Although emails are screened for viruses, C. Hoare &
> Co. cannot guarantee that any transmissions will be virus free.
>
> *__**________________________________**__**____*
>
> **
>
Other related posts:
