Hello, we have a script that runs and flags stale user accounts. The script searches *each* DC in the domain, pulls lastlogon attribute data, and compares the data to discover the most recent date/time.
The script also pulls lastlogontimestamp.
In a few cases (users) lastlogontimestamp is NEWER by weeks or months than the lastlogon attribute.
All DCs in the domain are at 2012 R2. Domain and Forest functional levels are 2008 R2.
Two questions:
1) What would cause the lastlogon attribute to not get updated on a single DC while the lastlogontimestamp is somehow updated and newer and replicated (after the 9-14 day interval)?
2) How is the lastlogontimestamp getting updated when the lastlogon attribute is not (for these select few users)?
For example:
User   DC     LASTLOGON       LASTLOGONTIMESTAMP
USER1  ADDC1  5/1/2015 16:33  11/4/2015 10:59
Normally one would expect the lastlogon to be the same as or newer than lastlogontimestamp. And if no DC has a lastlogon greater than 5/1/2015, how in the heck is lastlogontimestamp being updated to 11/4/2015????
Thank you,
Robert
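
The per-DC comparison described in the post above, as an added example that is not part of the original post or the poster's script. It assumes the ActiveDirectory RSAT module is installed; the function names `ConvertFrom-FileTime` and `Get-LogonComparison` are hypothetical, and `USER1` is the account from the post.

```powershell
Import-Module ActiveDirectory

function ConvertFrom-FileTime([long]$Value) {
    # Both attributes are stored as FILETIME ticks; 0 means never written
    if ($Value -gt 0) { [DateTime]::FromFileTime($Value) } else { $null }
}

function Get-LogonComparison {
    param([Parameter(Mandatory)][string]$Identity)

    $dcs = @(Get-ADDomainController -Filter *)
    # lastLogon is not replicated, so every DC has to be asked for its own copy
    $rows = @(foreach ($dc in $dcs) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
            [pscustomobject]@{
                DC         = $dc.Name
                LastLogon  = [long]$u.lastLogon
                Replicated = [long]$u.lastLogonTimestamp
            }
        } catch {
            # A DC that does not answer may hold the newest lastLogon value
            Write-Warning "No answer from $($dc.HostName): $($_.Exception.Message)"
        }
    })
    if ($rows.Count -eq 0) { throw "No DC returned data for $Identity" }

    # Sort on the raw Int64 values to avoid rounding the tick counts
    $newest = $rows | Sort-Object LastLogon -Descending | Select-Object -First 1
    $stamp  = ($rows | Sort-Object Replicated -Descending |
               Select-Object -First 1).Replicated

    [pscustomobject]@{
        User               = $Identity
        NewestLastLogon    = ConvertFrom-FileTime $newest.LastLogon
        NewestLastLogonDC  = $newest.DC
        LastLogonTimestamp = ConvertFrom-FileTime $stamp
        TimestampIsNewer   = $stamp -gt $newest.LastLogon
        DCsAnswered        = "$($rows.Count)/$($dcs.Count)"
    }
}

Get-LogonComparison -Identity 'USER1'
```

If `DCsAnswered` is lower than the total, the reported newest `lastLogon` may be understated, so confirm every DC answered before treating `TimestampIsNewer` as a real discrepancy.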