I wrote a program which gives all user attributes from active directory using novell library but unfortunately I don't get value of lastlogon attribute although this attribute contains a value.
Asked
Active
Viewed 266 times
2
-
Would you mind providing a [mre]? – raspy Jan 24 '20 at 12:52
1 Answers
-2
The lastLogon attribute is not replicated. That means it will only be accurate on the domain controller that the user last authenticated against. Any other DC will have either an old value, or no value.
You have two options:
- Query each DC and use the most recent value, or
- Use the
lastLogonTimestampattribute, which was created for just this reason. It won't give you the exact time of the last logon, but it is guaranteed to be accurate within 2 weeks.
Also make sure you are reading from the domain (LDAP://) and not the Global Catalog (GC://). Neither attribute will be available from a GC.
Gabriel Luci
- 38,328
- 4
- 55
- 84