Answered by:
Difference between lastlogon and lastlogontimestamp
Question
-
Answers
-
For your reading enjoyment.
http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx
Last-Logon-Timestamp Attribute
This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older [current_time - msDS-LogonTimeSyncInterval], the value is updated. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.http://msdn.microsoft.com/en-us/library/ms676823(VS.85).aspx
Last-Logon Attribute
The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.
http://www.rlmueller.net/Last%20Logon.htm
If your domain is at Windows Server 2003 functional level, there is a new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts. This behavior reduces the synchronization load while still giving administrators the information they need.
“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
http://blogs.technet.com/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx- Marked as answer by Wilson Jia Thursday, February 18, 2010 2:00 AM
All replies
-
For your reading enjoyment.
http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx
Last-Logon-Timestamp Attribute
This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older [current_time - msDS-LogonTimeSyncInterval], the value is updated. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.http://msdn.microsoft.com/en-us/library/ms676823(VS.85).aspx
Last-Logon Attribute
The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.
http://www.rlmueller.net/Last%20Logon.htm
If your domain is at Windows Server 2003 functional level, there is a new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts. This behavior reduces the synchronization load while still giving administrators the information they need.
“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
http://blogs.technet.com/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx- Marked as answer by Wilson Jia Thursday, February 18, 2010 2:00 AM
-
Another helpful page:
http://www.selfadsi.org/ads-attributes/user-lastLogonTimestamp.htm
-
Another helpful link:
http://www.selfadsi.org/ads-attributes/user-lastLogonTimestamp.htm
-
-
LastLogon reflects the last interactive logon that was authenticated by a specific domain controller. The value is not replicated to other domain controllers.
LastLogonTimestamp reflects many other types of logons:
- Interactive, Network and Service logons
- Simple LDAP Bind operations
- NTLM Network-based logons
- Launching LDAP Queries
- Accessing Email Servers
- Certain types of security/group and effective permissions enumerations
- IIS Logons
- A Kerberos Operation known as Service-for-User-to-Self or “S4u2Self”.
LastLogonTimestamp is replicated to all domain controllers.
- Edited by Kirk Lashbrook Tuesday, October 20, 2015 7:52 PM
-
HELLO FRIENDS I WOULD LIKE TO EXPLANE THIS TOPIC IN VERY SIMPLE LANGUAGE-
LASTLOGON-THIS ATTRIBUTE OF USER DOES NOT REPLICATE BETWEEN DOMAIN CONTROLLER. IT AVAILABLE LOCALLY IN THE DOMAIN CONTROLLER WHERE USER AUTHENTICATION FOR THE LOGIN ACTUALLY OCCURS. SO LASTLOGON TIME WILL BE VERY TO DC TO DC.
LASTLOGONTIMESTAMP- THIS ATTRIBUTE OF USERS REPLICATED AMONG THE DOMAIN CONTROLLERS. BUT REPLICATION WILL DEPENDENCE ON “MSDS-LOGONTIMESYNCINTERVAL” (YOU CAN CHECK THIS ATTRIBUTE IN ADSIEDIT(DEFAULT NAMING CONTEXT) ). THIS ATTRIBUTE WILL REPLICATE ONLY WHEN CURRENT LOGONTIMESTAMP IS OLDER THE CURRENT TIMESTAMP- MSDS-LOGONTIMESYNCINTERVAL VALUE SET IN ADSIEDIT.
EXAMPLE –
SUPPOSE MSDS-LOGONTIMESYNCINTERVAL IS 14 DAYS WHICH IS DEFULT VALUE.
1.USER A LAST LOGON TIME IS 01 DEC 2017
2.IF HE LOGS ON BEFORE 15 DEC 2017 IT WILL NOT REPLICATE THE LASTLOGONTIMESTAMP BCZ 15 DEC - 14DAY = 01 DEC WHICH IS NOT OLDER THEN LASTLOGONTIMESTAMP.
3. IF USER LOGON AFTER 15DEC LASTLOGONTIMESTAMP WILL REPLICATE BCZ IT IS DATE WILL BE OLDER THE LASTLOGONTIMESTAMP.
THANKS TO READ