A SWAG? I think it's because the tool is NOT looking at the lastlogontimestamp, it is looking at the regular lastlogon, which, unfortunately is still not replicated and correlated between DCs. The tools predate 2K3, so it's possible that they weren't re-written to look at lastlogontimestamp. I would wager that if you change your script to look at lastlogon instead of lastlogontimestamp AND bind to the DC shown in ADUC as the authenticating DC for "John Doe", you will see that the dates will agree. Sincerely,
D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Smith, Robin Sent: Fri 5/27/2005 11:31 AM To: '[email protected]' Subject: [ActiveDir] lastlogontimestamp Hi. Our domain is at the Windows 2003 server functional level. I have registered acctinfo.dll from the 2003 resource kit and have the Additional Account Info tab in ADUC. I am finding a big discrepancy between the lastlogontimestamp date on the Additional Account Info tab and the actual lastlogontimestamp date. For example, John Doe shoes a lastlogontimestamp of 11/23/04 in ADUC. However, if I execute the following script: Set objUser = GetObject("LDAP://cn=John Doe, ou=MOET (g14), ou=Field Users, ou=LWD Accounts, dc=njdol, dc=ad, dc=dol") Set objLastLogon = objUser.Get("lastLogonTimestamp") intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart intLastLogonTime = intLastLogonTime / (60 * 10000000) intLastLogonTime = intLastLogonTime / 1440 Wscript.Echo "Last logon time: " & intLastLogonTime + #1/1/1601# (code was taken from here: http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx) I get a much more current date (5-25-05). This is happening with more than one user. Any explanation for why this happens. I've done a lot of reading this week and I understand that the lastlogontimestamp field could be off by 7-10 days but this is several months. Thanks, Robin NJDOL List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
