none
Difference between lastlogon and lastlogontimestamp RRS feed

  • Question

  • Just wondering what is the Difference between lastlogon and lastlogontimestamp?
    Thanks Biswajit MCTS ,MCP 2K3, MCSA 2K3, MCSA:M 2K3, CCNA
    • Edited by bshwjt Monday, February 22, 2010 11:41 AM
    Wednesday, February 17, 2010 2:24 PM

Answers

  • For your reading enjoyment.

    http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx

    Last-Logon-Timestamp Attribute
    This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older [ current_time - msDS-LogonTimeSyncInterval ], the value is updated. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.

    http://msdn.microsoft.com/en-us/library/ms676823(VS.85).aspx
    Last-Logon Attribute
    The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

    http://www.rlmueller.net/Last%20Logon.htm

    If your domain is at Windows Server 2003 functional level, there is a new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts. This behavior reduces the synchronization load while still giving administrators the information they need.

    “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
    http://blogs.technet.com/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
    • Marked as answer by Wilson Jia Thursday, February 18, 2010 2:00 AM
    Wednesday, February 17, 2010 2:43 PM

All replies

  • For your reading enjoyment.

    http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx

    Last-Logon-Timestamp Attribute
    This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older [ current_time - msDS-LogonTimeSyncInterval ], the value is updated. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.

    http://msdn.microsoft.com/en-us/library/ms676823(VS.85).aspx
    Last-Logon Attribute
    The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

    http://www.rlmueller.net/Last%20Logon.htm

    If your domain is at Windows Server 2003 functional level, there is a new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts. This behavior reduces the synchronization load while still giving administrators the information they need.

    “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
    http://blogs.technet.com/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
    • Marked as answer by Wilson Jia Thursday, February 18, 2010 2:00 AM
    Wednesday, February 17, 2010 2:43 PM
  • It is very old post.

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Tuesday, September 24, 2013 3:26 AM
  • LastLogon reflects the last interactive logon that was authenticated by a specific domain controller. The value is not replicated to other domain controllers.

    LastLogonTimestamp reflects many other types of logons:

    • Interactive, Network and Service logons
    • Simple LDAP Bind operations
    • NTLM Network-based logons
    • Launching LDAP Queries
    • Accessing Email Servers
    • Certain types of security/group and effective permissions enumerations
    • IIS Logons
    • A Kerberos Operation known as Service-for-User-to-Self orS4u2Self”.


    LastLogonTimestamp
    is replicated to all domain controllers.




    Tuesday, October 20, 2015 2:55 PM
  • HELLO FRIENDS I WOULD LIKE TO EXPLANE THIS TOPIC IN VERY  SIMPLE LANGUAGE-

    LASTLOGON-THIS ATTRIBUTE OF USER DOES NOT REPLICATE BETWEEN DOMAIN CONTROLLER. IT AVAILABLE LOCALLY IN  THE DOMAIN CONTROLLER WHERE USER AUTHENTICATION FOR THE LOGIN ACTUALLY OCCURS. SO LASTLOGON TIME WILL BE VERY TO DC TO DC.

    LASTLOGONTIMESTAMP- THIS ATTRIBUTE OF USERS REPLICATED AMONG THE DOMAIN CONTROLLERS. BUT REPLICATION WILL DEPENDENCE ON  “MSDS-LOGONTIMESYNCINTERVAL” (YOU CAN CHECK THIS ATTRIBUTE IN ADSIEDIT(DEFAULT NAMING CONTEXT) ). THIS ATTRIBUTE WILL REPLICATE ONLY WHEN CURRENT LOGONTIMESTAMP IS OLDER THE CURRENT TIMESTAMP- MSDS-LOGONTIMESYNCINTERVAL VALUE SET IN ADSIEDIT.

    EXAMPLE –

    SUPPOSE MSDS-LOGONTIMESYNCINTERVAL IS 14 DAYS WHICH IS DEFULT VALUE.

    1.USER A LAST LOGON TIME IS 01 DEC 2017

    2.IF HE LOGS ON BEFORE 15 DEC 2017 IT WILL NOT REPLICATE THE LASTLOGONTIMESTAMP BCZ 15 DEC - 14DAY = 01 DEC WHICH IS NOT OLDER THEN LASTLOGONTIMESTAMP.

    3. IF USER LOGON AFTER 15DEC LASTLOGONTIMESTAMP WILL REPLICATE BCZ IT IS DATE WILL BE OLDER THE LASTLOGONTIMESTAMP.

    THANKS TO READ

    Thursday, November 30, 2017 1:17 AM