Active Directory LastLogon and SharePoint Audit Not Matching


  • I currently use a script that checks the lastlogon on all DCs in our domain.

    This information does not match the audit information from SharePoint - we are effectively disabling active accounts because of this. How do you get SharePoint logons to appear in AD? Shouldn't it match since it is authenticating against AD?

    Also, when an admin resets the user's password, this changes the "last logon date" to the date the password was set - I assume Microsoft's attempt to distinguish if there is "activity" on an account (it will show a matching "whenchanged" field date for unlock and "passwordlastset" date for password reset) - however, our security requires disabling accounts without a login in the last 90 days.

    How do we get the most accurate lastlogon? With all the "last logon" fields in AD, you would think one would work, right? :/

    Thoughts? This is becoming very frustrating to definitively manage, as we are basically providing inaccurate reporting.

    I used to be an adventurer too, until I took an arrow to the knee.

    • Moved by nzpcmad1 Sunday, February 28, 2016 6:05 PM From ADFS
    Thursday, February 4, 2016 4:24 PM

All replies