JSI Tip 7801. Using the lastLogonTimestamp attribute in Windows Server 2003.

Jerold Schulman

March 3, 2004

1 Min Read
ITPro Today logo in a gray background | ITPro Today

The lastLogonTimestamp attribute is replicated across all the domain controllers in a Windows Server 2003 domain functionality level domain. It is updated for Kerberos and NTLM interactive logons.

Windows Server 2003 does NOT update the lastLogonTimestamp attribute when you perform:

Certificate mapping through Microsoft Internet Information Services (IIS).

Username and password authentication through IIS.

Microsoft .NET Passport mapping through IIS.

All Service-for-User (S4U) authentication paths.

NOTE: The DSQUERY USER DOMAINROOT -inactive weeks command uses the lastLogonTimestamp attribute.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like