Security Basics mailing list archives
Re: AD account information
From: MaddHatter <maddhatt+securitybasics () cat pdx edu>
Date: Sat, 9 Sep 2006 01:53:11 -0700
Steven Rakick <stevenrakick () yahoo com> said (on 2006/09/07):
From: Steven Rakick <stevenrakick () yahoo com> Subject: AD account information ... My question is this. Is the lastLogon AD account property updated any time a user authenticates to AD regardless of the service? Like, if I login to a 3rd party application which uses LDAP integration with AD for authentication, will that update the users lastLogon property in AD? -SR
This is where MSDN is great. "lastLogon is the last date and time that the user network logon was validated by the particular domain controller that is returning the property." This is NOT a replicated property, so it will be different on each domain controller. The DC holding the most recent (greatest) value for lastLogon will be the real last network logon timestamp (recorded as 100ns intervals since Jan 1 1601 UTC). If that level of granualarity is not necessary, you can make life easier for yourself by using the lastLogonTimestamp property, which is updated weekly and replicated across all the DCs. If you are concerned about 3rd-party applications, you'll have to check how those applications perform authentication. The easiest way is to note what time you log on to the 3rd-party application, then go look at the authenticating DC and see if your lastLogon timestamp updated. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- AD account information Steven Rakick (Sep 08)
- Re: AD account information MaddHatter (Sep 09)