Part legacy. It didn't replicate in NT4, it would be a a
serious change in functionality if it all of a sudden started replicating. Some
people used that attribute to determine which DCs were being "used" the most and
processing the most auths. Also it told you where customers were authing at for
most of the time.
Part replication traffic. Consider an environment with
hundreds of thousands of users and workstations. Also consider that the
lastLogon attribute is updated multiple times, every time an auth occurs which
could occur multiple times in a single interactive auth if NTLM is being used.
That is a considerable amount of traffic for something that isn't really
regularly needed by most users or even admins.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Friday, October 28, 2005 4:23 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] LastLogon timestamp
was it plain simple, "too-much-replication-for-a-single-attribute" ? or anything else?
On 10/28/05, Almeida
Pinto, Jorge de <
[EMAIL PROTECTED]> wrote:
Hi Russ,
For that you need to query all DCs as the "old attribute" is not
replicated between DCs
The new lastlogontimestamp attribute only is available in DFL W2K3 and
is replicated between DCs
In both FLs you could use OLDCMP (with the users option) from
joeware.net (http://www.joeware.net/win/free/tools/oldcmp.htm)
DumpSec from SomarSoft also provides the ability to scan/query all DCs
searching for the true last logon time ( http://www.somarsoft.com/)
Cheers,
Jorge
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Rimmerman, Russ
Sent: Friday, October 28, 2005 12:56
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LastLogon timestamp
What's the easiest way to find out the last logon time of a user
account? And if you have 50 domain controllers, would you have to query
each one for it, or is this replicated some how? We're in a native
win2k domain with mostly win2k3 DCs.
Thanks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information of the
Cooper Cameron Corporation and its operating Divisions and may be
confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only by the
addressee. If you have received this message in error please delete it,
together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~
