There might be two reasons for that: 1. The DC you are looking on has never authenticated those computers. Have a look at the other DCs in the domain. 2. You can't see the attribute values with tool you are using. Try with LDP or ADSIEdit.
The computer class inherits all the attributes of the user class, so the attributes should be present. This is the reason why, if you perform an ldap search for (objectClass=User), you see computer objects returned in the result. The way around this is to include the objectCategory, e.g. (&(objectClass=User)(objectCategory=Person)) will return only User objects. Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jones, Rick J.(Desktop Engineering) Sent: Friday, March 28, 2003 4:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details What I have found is that those entries are empty on a computer account, a user account is different but the computer account seems to not have anything in those set at all on any of the DCs. Rick J. Jones -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:57 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Last Logon Details Rick That's a tricky one. There are two attributes (pwdLastSet and lastLogon) that could help you. The unfortunate thing is that these attributes are not replicated between DCs. This means that in order to get up-to-date information you need to query every DC in the domain. This may be ok for small environments, but is impractical for organisations with larger infrastructures. Things improve with Windows Server 2003 AD with the introduction of the lastLogonTimestamp attribute which *is* replicated and gives an approximate time of the last logon. It's approximate because it is only updated at 1 week intervals (to cut down on replication traffic). This feature requires the Windows Server 2003 domain functional level. Some further info here. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt echnol/windowsserver2003/proddocs/server/dsadmin_concepts_accounts.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschem a/ad/win2k3only_a_lastlogontimestamp.asp Tony -----Original Message----- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. März 2003 00:18 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details Hi; I am trying to retrieve the last logon account information for a specific computer account from Active Directory. Does anyone have a script to do this? Or... If you have another way to determine when the system last logged onto the network. This is so we can verify that the account is an active entry. Rick J. Jones List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
