Hello, I saw this question / issue several time but couldn´t find the explanation. User needs to change their password every 30 days (no Fine-Grained Password Policy). I have an user object with an pwdLastSet 8/4/2014. The lastLogon attribute is set to 10/30/2014 on one DC and empty on all other DCs (normal behavior).
The lastLogonTimestamp attribute however is set to 7/25/2015 (on all DCs) for that user object.
How is this possible or what can cause an update of the lastLogonTimestamp attribute although the password of the user object is expired ? This circumstance brakes our process to identify inactive users.