I've read the existing questions regarding the computer LastLogonTimestamp, and cannot seem to find an exact answer to this question. Possibly it was answered and I didn't understand the answer or overlooked it.
I understand the relationship to the ms-DS-Logon-Time-Sync-Interval and that it is only going to update at minimum, when this condition (14 days plus or minus 5% by default) has been met. What I still don't understand is, once this condition has been met, what other events will specifically update the computer LastLogonTimestamp, and/or are these events the same as the ones that will update this attribute for theuser LastLogonTimestamp?
I am not a domain admin (and no genius), but I'm being asked to pull information from AD to track down obsolete/unused computers, which I understand is exactly what this attribute is for. But I have to fully understand and explain the attribute before I go to my boss with a report that is based on it. I've been using the PwdLastSet attribute, but he wants to report on a shorter interval so I'm trying to understand this attribute.
For instance, if a computer sits on, connected to the domain, but no user ever logs on, will it update this attribute only when the PwdLastSet attribute updates every 30 days? Or if a user is logged on and never logs off, what authentication events, performed by the user, will update the computer LastLogonTimestamp attribute? Does a simple user logon update the computer LastLogonTimestamp? Any help you can provide would be appreciated.
It might be worth noting that we have some 8,700 computers whose PwdLastSet attribute has changed in the last 60 days, but over 14,000 computer names in AD. These computers are spread out across North America. A visual inventory is not an option.
Thanks
MikeHess2112