JSI Tip 7801. Using the lastLogonTimestamp attribute in Windows Server 2003.
Jerold Schulman
March 3, 2004
1 Min Read
The lastLogonTimestamp attribute is replicated across all the domain controllers in a Windows Server 2003 domain functionality level domain. It is updated for Kerberos and NTLM interactive logons.
Windows Server 2003 does NOT update the lastLogonTimestamp attribute when you perform:
Certificate mapping through Microsoft Internet Information Services (IIS).
Username and password authentication through IIS.
Microsoft .NET Passport mapping through IIS.
All Service-for-User (S4U) authentication paths.
NOTE: The DSQUERY USER DOMAINROOT -inactive weeks command uses the lastLogonTimestamp attribute.
About the Author
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
You May Also Like