Lastlogontimestamp in Active Directory
If I query a users I find that the users password is expired meaning it must change at next logon. The weird this is that the account has been logon to after the password expired. the account does not have password set to not expire, and this also has not been modified.
PasswordLastSet 09 November 2009
PasswordAge 105.06:00:32.8198742
PasswordExpires [strong]08 January 2010[/strong]
LastLogonTimestamp [strong]15 February 2010[/strong]
AccountIsDisabled False
AccountIsLockedOut False
PasswordNeverExpires [strong]False[/strong]
UserMustChangePassword False
Software/Hardware used:
Active Directory
PasswordLastSet 09 November 2009
PasswordAge 105.06:00:32.8198742
PasswordExpires [strong]08 January 2010[/strong]
LastLogonTimestamp [strong]15 February 2010[/strong]
AccountIsDisabled False
AccountIsLockedOut False
PasswordNeverExpires [strong]False[/strong]
UserMustChangePassword False
Software/Hardware used:
Active Directory
ASKED:
February 23, 2010 1:06 PM
UPDATED:
May 10, 2011 9:15 AM
Answer Wiki:
Interestingly I have seen a few examples of this recently.
LastLogonTimestamp is an attribute that is replicated between domain controllers, however it is only updated every 10 to 14 days by default
Have you checked individual domain controllers to see what the lastlogon attribute is set to. One of them will show the time the user actually last logged on.
I'm not convinced that lastlogontimestamp is actually reporting the correct time of last logon.
Check if the msDS-LogonTimeSyncInterval of the domain controller has been modified to a longer than expected value
To see all answers submitted to the Answer Wiki: View Answer History.
I have checked on all DC’s and not found anything even close to this date. The last date found on any of the DC’s was the 13-Nov-2009 07:19:04 PM