Full Disclosure mailing list archives
RE: Active Directory accounts
From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 8 Sep 2006 06:00:24 -0700 (PDT)
Hello Angel,

You are aware that the lastLogon property isn't replicated, right? If you have a multi-domain controller environment, you have to poll each DC for the lastLogon value to get an accurate value. That was probably the reason for the inconsistency.

I have already validated that AD Inspector polls all domain controllers for the value. My concern was more along the lines of at what point is the lastLogon updated. I've done some testing and it does appear that it's updated any time the object authenticates, regardless of how or where.

From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Angel Barrio
Sent: Friday, September 08, 2006 7:13 AM
To: full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Active Directory accounts

Hi

We have recently developed a script to gather detailed user information from our AD in order to identify user accounts not used for a long time and proceed with deletion of such users.

During our test, at least we have observed that the LastLogon property is changed not only with the interactive logon to a desktop system, but also while mapping a network drive. We have not tested it with third party applications that make use of the AD just as an LDAP for authentication, but it is very likely that this property will also be updated this way.

Regards,

--------------------------------------------------------
Angel Barrio Martínez, Systems Security Engineer
mail: abmartinez () euskaltel es
phone: +34 944011768
fax: 944011030

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
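The following is an added example, not code from either poster or from AD Inspector: it merges per-DC lastLogon values (Windows FILETIME, 100-ns ticks since 1601-01-01 UTC, 0 = no logon recorded on that DC) and shows how a single-DC view misreports an active account as stale. The DC names, account names, values, and the 90-day threshold are constructed; collecting the raw values from every DC is assumed to have been done already.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ft):
    """Convert a raw lastLogon value to UTC; 0 (never on that DC) -> None."""
    if not ft:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def effective_last_logon(per_dc):
    """per_dc maps DC name -> raw lastLogon. The attribute is not replicated,
    so the true value is the maximum over all DCs. Returns (datetime, dc)."""
    dc, ft = max(per_dc.items(), key=lambda kv: kv[1], default=(None, 0))
    return (filetime_to_datetime(ft), dc if ft else None)

def stale_accounts(samples, now, max_age_days=90):
    """Accounts whose newest logon on any DC is older than the cutoff.
    Assumption: an account with no logon on any DC is also reported."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for account, per_dc in samples.items():
        last, _ = effective_last_logon(per_dc)
        if last is None or last < cutoff:
            stale.append(account)
    return sorted(stale)

def _ft(y, m, d):
    return datetime_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample: raw lastLogon as read from each of two DCs.
NOW = datetime(2006, 9, 8, tzinfo=timezone.utc)
SAMPLES = {
    "alice":      {"DC1": _ft(2006, 1, 10), "DC2": _ft(2006, 9, 1)},
    "bob":        {"DC1": _ft(2006, 2, 1),  "DC2": 0},
    "svc_backup": {"DC1": 0,                "DC2": 0},
}

if __name__ == "__main__":
    dc1_only = {a: {"DC1": v["DC1"]} for a, v in SAMPLES.items()}
    print("DC1 only :", stale_accounts(dc1_only, NOW))
    print("all DCs  :", stale_accounts(SAMPLES, NOW))
```

Because the value updates on any authentication (drive mappings included, per the observations above), a recent timestamp does not by itself indicate an interactive user.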