What is lastLogontimeStamp in Active Directory?

This is the time that the user last logged into the domain. This value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). Whenever a user logs on, the value of this attribute is read from the DC.

What is the difference between last logon and lastLogontimeStamp?

The main difference between lastLogon and lastLogonTimeStamp is that lastLogon is updated on the domain controller after the user's interactive logon, while lastLogonTimeStamp is replicated to all domain controllers in the AD forest; its default update interval is 14 days.

How do I find the last login date in Active Directory?

Using native auditing to find a user’s last logon time on a workstation:

  1. Open Active Directory Users and Computers and make sure Advanced Features is turned on.
  2. Browse to the user account and open it.
  3. Click on Attribute Editor.
  4. Scroll down to view the last logon time.

How often is lastLogontimeStamp updated?

lastLogonTimestamp is not updated on every logon, but it is replicated to other domain controllers. By default it can be as much as 14 days out of date.

How accurate is Lastlogontimestamp?

Lastlogon is precise but shows when the user logged in to that specific DC and is not replicated to others. Basically Lastlogontimestamp is great for your purpose of finding stale objects in AD, but it is not very precise.
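The following is an added example, not code from the original page: it converts the large-integer values described above to UTC and classifies accounts for stale-object cleanup while allowing for the 14-day lag of the replicated attribute. The DC names, account names, timestamps, the 90-day threshold and the `review` bucket are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_LAG = timedelta(days=14)  # default worst-case lag of lastLogonTimestamp

def filetime_to_utc(value):
    """100-ns intervals since 1601-01-01 UTC -> datetime; 0 or missing -> None."""
    if not value or int(value) <= 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=int(value) // 10)

def utc_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed samples."""
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def classify(replicated, per_dc, now, all_dcs_queried=False, threshold_days=90):
    """Return (status, newest_known_logon) for one account.

    replicated: lastLogonTimestamp; per_dc: {dc_name: lastLogon} as read from
    each DC. Every value is a lower bound on the true last logon.
    """
    known = [filetime_to_utc(replicated)]
    known += [filetime_to_utc(v) for v in per_dc.values()]
    known = [t for t in known if t is not None]
    if not known:
        return "never-logged-on", None
    newest = max(known)
    age = now - newest
    threshold = timedelta(days=threshold_days)
    if age <= threshold:
        return "active", newest
    # lastLogon collected from every DC is exact; otherwise allow for the lag.
    if all_dcs_queried or age > threshold + MAX_LAG:
        return "stale", newest
    return "review", newest

# Constructed sample data: hypothetical DC names, accounts and times.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def days_ago(n):
    return utc_to_filetime(NOW - timedelta(days=n))

SAMPLES = {
    "alice": (days_ago(12), {"DC01": days_ago(1), "DC02": days_ago(40)}),
    "bob": (days_ago(95), {}),
    "carol": (days_ago(200), {"DC01": days_ago(200)}),
    "svc-old": (0, {"DC01": 0}),
}

if __name__ == "__main__":
    for name, (repl, per_dc) in SAMPLES.items():
        print(name, *classify(repl, per_dc, NOW))
```

An account in `review` has a replicated value older than the threshold but still inside the 14-day window, so reading lastLogon from each DC is what settles it.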

What is Lastlogondate in Active Directory?

The Active Directory attribute lastLogon shows the exact timestamp of the user’s last successful domain authentication on the respective domain controller. It doesn’t matter how the user performed the logon: interactive, network, or passed through from a RADIUS service or another Kerberos realm.