True Last Logon

Posted: Thu Oct 23, 2008 3:37 am
by TonyF
Hi, I've been looking at a few auditing tools and had one reservation about selecting AD Reports for my company:

Identifying the true last logon - you mention this on your site, yet I have seen inconsistencies when running the tool (i.e. when I run the 30 days inactive users report the Last logon column shows "Never", but if I enquire on all users the same user has a value of 5th September 2008).
I've seen other tools that trawl the Domain controller AND pull in the replicated "Last Login Timestamp" to give a better last login value.

I'll hold making a decision on these for a few days, but would appreciate some feedback.

Posted: Fri Nov 07, 2008 2:00 pm
by IgorMax

Thank you for trying our product and reporting this issue. We found this problem. It occurs in a multi-domain-controller environment for the "Never Logged On Users" and "Inactive Users" reports if one of the DCs does not have the "lastlogon" attribute for that user. The problem is fixed and our next release will be available within a couple of weeks.

Regarding the Last-Logon-Timestamp attribute: the initial update after the raise of the domain functional level is calculated as 14 days minus a random percentage of 5 days according to Microsoft ... S.85).aspx.

What we are doing is querying every DC in a domain, comparing the "lastlogon" attribute and selecting the latest one.

Thank You,
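
The per-DC comparison discussed in this thread, as an added example that is not part of either post and is not AD Reports' code: it merges the raw `lastLogon` values collected from each DC, treats an absent attribute or a value of 0 on one DC as "no data from that DC" rather than "Never", and builds a 30-day inactive report. The DC names, user names, timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# lastLogon is a FILETIME: 100 ns ticks since 1601-01-01 UTC, stored per DC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """Absent attribute (None) or 0 means this DC has recorded no logon."""
    ticks = int(value) if value is not None else 0
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    """Inverse helper, used only to build the constructed sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def true_last_logon(per_dc):
    """per_dc maps DC name -> raw lastLogon read from that DC.
    A gap on one DC must not hide a real logon seen by another."""
    seen = [t for t in map(filetime_to_dt, per_dc.values()) if t is not None]
    return max(seen) if seen else None

def inactive_report(users, now, days=30):
    """Rows of (user, last logon) for users idle longer than `days`.
    'Never' is reported only when no DC has any value for the user."""
    rows = []
    for name, per_dc in sorted(users.items()):
        last = true_last_logon(per_dc)
        if last is None:
            rows.append((name, "Never"))
        elif now - last > timedelta(days=days):
            rows.append((name, last.strftime("%Y-%m-%d")))
    return rows

def _ft(*ymdhm):
    return dt_to_filetime(datetime(*ymdhm, tzinfo=timezone.utc))

# Constructed sample: what each of three hypothetical DCs returned per user.
SAMPLE = {
    "alice": {"DC1": None, "DC2": _ft(2008, 9, 5, 9, 0), "DC3": 0},
    "bob": {"DC1": None, "DC2": 0, "DC3": None},
    "carol": {"DC1": _ft(2008, 8, 1, 8, 0), "DC2": _ft(2008, 10, 20, 8, 0), "DC3": None},
}
NOW = datetime(2008, 10, 23, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, last in inactive_report(SAMPLE, NOW):
        print(f"{name:8} last logon: {last}")
```
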