Hi.
One of my clients has a few ad objects (users and computers) that has a lastlogontimestamp that is in the future. For instance the Administrator account has the following value "132437449900141250", translated 2020-09-05 03:03:10.
How I believe it happend:
- In the past a DC was way off, a few years.
- The administrator logged on, and the DC updated the lastlogontimestamp.
- The time was reset on the DC.
Now if I try to clear the lastlogontimestamp I get the following reply:
***Call Modify...
ldap_modify_s(ld, 'CN=Administrator,CN=Users,DC=company,DC=local',[1] attrs);
Error: Modify: Unwilling To Perform. <53>
Server error: 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0
Error 0x209A Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM).
-----------
from the MSDN site about the errorcode:
ERROR_DS_ATTRIBUTE_OWNED_BY_SAM
- 8346 (0x209A)
Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM).
Oscar Virot