Friday, April 15, 2016

Active Directory Last Logon. Lots of confusion

I am sure that everyone who administers AD runs into this problem at some point.

Here is an article that thoroughly lays it all out.

http://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

The summary of this article is that if you want to find out the TRUE last logon activity for a user, it is best to use the command

Search-ADAccount -AccountInactive -DateTime ((Get-Date).AddDays(-90)) -UsersOnly

If you are ONLY interested in dates that are more than 14 days ago, then you can safely use the "LASTLOGONDATE" attribute.

Less than 14 days of viewing and you cannot trust this attribute. You must get fancy and query all of the DCs individually.
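As an added example (not from the original post or the linked article), here is a PowerShell function that asks every DC for its unreplicated lastLogon value, keeps the newest one, and shows the replicated lastLogonDate next to it so the lag is visible. It assumes the ActiveDirectory RSAT module, read access to each DC, and a constructed sample account name; the function name is mine.

```powershell
# Added example, not from the original post.
# lastLogon is stored per DC and never replicated, so the only way to get the
# true most recent logon is to ask every DC and keep the newest value.
# lastLogonDate is derived from the replicated lastLogonTimestamp, which is
# only refreshed when it is older than the (default) 14-day window.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $newest = [datetime]::MinValue
    $source = $null

    foreach ($dc in (Get-ADDomainController -Filter *)) {
        try {
            # Ask this specific DC; -Server pins the query to it.
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties lastLogon -ErrorAction Stop
        } catch {
            # An unreachable DC means an incomplete answer; report it rather than hide it.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        if ($u.lastLogon -and $u.lastLogon -gt 0) {
            # lastLogon is a 64-bit FILETIME.
            $t = [datetime]::FromFileTime($u.lastLogon)
            if ($t -gt $newest) { $newest = $t; $source = $dc.HostName }
        }
    }

    # Replicated value for comparison (may be up to 14 days behind).
    $replicated = (Get-ADUser -Identity $SamAccountName -Properties lastLogonDate).lastLogonDate

    [pscustomobject]@{
        SamAccountName      = $SamAccountName
        TrueLastLogon       = if ($source) { $newest } else { $null }
        ReportedByDC        = $source
        ReplicatedLastLogon = $replicated
        LagDays             = if ($source -and $replicated) {
                                  [math]::Round(($newest - $replicated).TotalDays, 1)
                              } else { $null }
    }
}

# Constructed sample account name; replace with a real SamAccountName.
Get-TrueLastLogon -SamAccountName 'jdoe'
```

If any DC is unreachable the warning tells you the TrueLastLogon figure may be incomplete, which is exactly the case where the replicated value alone would mislead you.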
