Lastlogon=0

  • 73 Views
  • Last Post 29 September 2015
kennedyjim posted this 22 September 2015

Asking for a friend.

Lastlogon on ALL DC's is 0. But lastlogondate and lastlogontimestamp are valid. My only theory is Lastlogon was to a now decommissioned DC and the user has not logged on since that DC was decommissioned. Waiting on verification that there is in fact a decommissioned DC in the mix.

Any other ideas?
.+-�w��i��0��-�����+���֬

Order By: Standard | Newest | Votes
ZJORZ posted this 22 September 2015

Remember, that lastLogontimestamp is updated in several scenarios, while the user HAS NOT actively logged on.

For example, when you check for effective permissions or replicate the password of a user (populate) to an RODC, the lastLogonTimestamp gets updated

Met vriendelijke groeten / Kind regards,

Jorge de Almeida Pinto
o: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx
J: +31 (0)6 26.26.62.80

show

gabriel/tfi posted this 26 September 2015

Hey Jorge,

Could you point me to some document that would list all cases in which the lastLogontimestamp would be updated "systematically"? (without the user not actively loggin on?)

Thanks! - Gabriele.

show

ZJORZ posted this 27 September 2015

See for more info:
http://blogs.technet.com/b/askpfeplat/archive/2014/04/14/how-lastlogontimestamp-is-updated-with-kerberos-s4u2self.aspx


Met vriendelijke groeten / Kind regards,

Jorge de Almeida Pinto
o: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx
J: +31 (0)6 26.26.62.80

show

gabriel/tfi posted this 29 September 2015

Great Thanks!

show

Close