Overview
The LastLogon attribute in Microsoft Active Directory is updated only on the DC that validates the logon request.
The LastLogon attribute is not replicated. So in the past, to determine the most recent logon of a user or computer account, the lastLogon attribute had to be queried on all domain controllers (at least in concept), and the most recent LastLogon date then had to be determined from all the results returned.
In Windows 2003 and higher, LastLogon still has the same behavior: it is updated only on the validating DC and is never replicated.
A value of zero means that the last logon time is unknown.
The lastLogonTimeStamp is replicated, but not immediately.
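The per-DC query described above can be scripted as follows. This is an added example, not code from the original page; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the caller can read from every DC. The function name `Get-LatestLastLogon` and the account name `jdoe` are placeholders, and for computer accounts `Get-ADComputer` would take the place of `Get-ADUser`.

```powershell
Import-Module ActiveDirectory

function Get-LatestLastLogon {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Identity    # sAMAccountName, DN, GUID or SID of the user
    )

    # lastLogon is not replicated, so ask every DC for its own copy.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName `
                               -Properties lastLogon -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                # An unset attribute comes back as $null, which casts to 0.
                RawLastLogon     = [int64]($user.lastLogon)
            }
        }
        catch {
            # An unreachable DC means the result may be incomplete; surface it.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }

    # 0 means "unknown", not a real date, so drop those before comparing.
    $known = @($perDc | Where-Object { $_.RawLastLogon -gt 0 })
    if ($known.Count -eq 0) {
        return [pscustomobject]@{
            Identity = $Identity; DomainController = $null; LastLogonUtc = $null
        }
    }

    $latest = $known | Sort-Object RawLastLogon -Descending | Select-Object -First 1
    [pscustomobject]@{
        Identity         = $Identity
        DomainController = $latest.DomainController
        # The Large Integer value counts 100-ns intervals since 1601-01-01 UTC.
        LastLogonUtc     = [DateTime]::FromFileTimeUtc($latest.RawLastLogon)
    }
}

Get-LatestLastLogon -Identity 'jdoe'   # placeholder account name
```

A warning for any DC means the returned time is only a lower bound, which matters when the result is used to decide whether an account is stale.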
Attribute Definition
The LastLogon AttributeTypes is defined as:
- OID: 1.2.840.113556.1.4.52
- NAME: LastLogon
- DESC: The last time the user logged on
- SYNTAX: 1.2.840.113556.1.4.906
- USAGE: DirectoryOperation