Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AD account information

From: MaddHatter <maddhatt+securitybasics () cat pdx edu>
Date: Sat, 9 Sep 2006 01:53:11 -0700
Steven Rakick <stevenrakick () yahoo com> said (on 2006/09/07):

From: Steven Rakick <stevenrakick () yahoo com>
Subject: AD account information

...
My question is this. Is the lastLogon AD account
property updated any time a user authenticates to AD
regardless of the service? Like, if I login to a 3rd
party application which uses LDAP integration with AD
for authentication, will that update the users
lastLogon property in AD?

-SR


This is where MSDN is great.
        "lastLogon is the last date and time that the user network logon
        was validated by the particular domain controller that is returning
        the property."

This is NOT a replicated property, so it will be different on each domain
controller. The DC holding the most recent (greatest) value for lastLogon
will be the real last network logon timestamp (recorded as 100ns intervals
since Jan 1 1601 UTC).

If that level of granualarity is not necessary, you can make life easier
for yourself by using the lastLogonTimestamp property, which is updated
weekly and replicated across all the DCs.

If you are concerned about 3rd-party applications, you'll have to check
how those applications perform authentication. The easiest way is to note
what time you log on to the 3rd-party application, then go look at the
authenticating DC and see if your lastLogon timestamp updated.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: