Unfortunately my results have found that none of the DC's have that value set on them for any of the accounts I checked. Now I am wondering what would need to be changed on the DC that would "turn on" that feature on the DC so that it logs that information.
The only other way I can figure out to isolate dead accounts is by checking how many times a system has logged into each of the DC's (that info is there), total that up and estimate based on how old the account is (when account created is there), if this is an active account. I do not like this method though, since it has no real specific I can tie to as to the last activity of the system. Rick J. Jones -----Original Message----- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Last Logon Details Just to clarify something... lastLogon is an optional attribute, meaning that any particular object may or may not have a value for that attribute. In LDAP directories, if an attribute does not have a value, the attribute "doesn't exist" for that object; there is no notion of a "null" or empty value. So running a query and getting no indication for the lastLogon value doesn't tell you anything other than that particular object doesn't have a value for lastLogon. In addition, the lastLogon value is not replicated; each DC in the domain has a separate copy of the lastLogon attribute for each user. So the results you get when querying the lastLogon attribute will vary depending on which DC you happen to be connected to. In this case, the dsquery results probably indicate that the machine has never authenticated to the DC you happened to be connected to. Dsquery probably has a switch that lets you specify the host name of the DC. HTH, -gil -----Original Message----- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 2:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details Nuttin... :( C:\>dsquery * DC=attws,DC=com -filter name=wad11020576 -attr lastLogon C:\> Rick J. Jones -----Original Message----- From: Al Lilianstrom [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 12:39 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Last Logon Details Jones, Rick J.(Desktop Engineering) wrote: > C:\>dsquery computer -name wad11020576 > "CN=WAD11020576,OU=Engineering,OU=Desktop,DC=wireless,DC=attws,DC=com" > > but when I try > C:\>dsquery computer -name wad11020576 -attr lastLogon > `-attr' is an unknown parameter. Try dsquery * DC=attws,DC=com -filter name=wad11020576 -attr lastLogon al > Ldifde I don't have at my disposal at the moment. > > Rick J. Jones > > -----Original Message----- > From: Al Lilianstrom [mailto:[EMAIL PROTECTED] > Sent: Friday, March 28, 2003 9:45 AM > To: [EMAIL PROTECTED] > Subject: Re: [ActiveDir] Last Logon Details > > Jones, Rick J.(Desktop Engineering) wrote: > >>Using ADSIedit, I examined the Schema for CN=Computer and it does not > > have an entry for lastLogon so... does that mean that we would need to > add it to the Schema and then would start populating from the DC's? > >>Rick J. Jones >> > > > You should not have to add anything. > > You might want to try a alternate way of viewing lastLogon. If you have > XP try > > dsquery * dc=your,dc=domain -filter name='computername' -attr lastlogon > > This should give you something like > > lastlogon > 126932432713370885 > > for output. > > You can also use ldifde. (May wrap) > > c:\> ldifde -f c.tmp -s yourdc -d "dc=your,dc=domain" -r > "name=computername" -l "lastlogon" > > c:\> type c.tmp|find "lastLogon" > > lastLogon: 126933401349707772 > > Of course you have to convert that number to a date. I have an example > in Perl if you want it. > > al -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
