N
InsightHorizon Digest

What does lastLogontimeStamp mean

Author

John Thompson

Updated on April 21, 2026

Administrators can use the lastLogontimeStamp attribute to determine if a user or computer account has recently logged onto the domain. Using this information administrators can then review the accounts identified and determine if they are still needed and take appropriate action.

What is lastLogontimeStamp in Active Directory?

The Active Directory attribute lastLogonTimestamp shows the exact timestamp of the user’s last successful domain authentication. If the user never did logon to the DC, the value of lastLogonTimestamp is zero. …

How accurate is lastLogontimeStamp?

Lastlogon is precise but shows when the user logged in to that specific DC and is not replicated to others. Basically Lastlogontimestamp is great for your purpose of finding stale objects in AD, but it is not very precise.

What is the difference between last logon and lastLogontimeStamp?

Use the most recent attribute. Lastlogon is only updated on the domain controller that performs the authentication and is not replicated. LastLogontimestamp is replicated, but by default only if it is 14 days or more older than the previous value.

How do I get lastLogontimeStamp?

Search for the user account and right click the User object. On the user properties box, click General tab. The lastLogon attribute should reveal the last logon time of user account.

How do I show attribute editor in AD?

  1. Open Active Directory Users and Computers.
  2. Click View.
  3. Check Advanced Features.
  4. Right-click a user-object.
  5. Click Properties.
  6. Click Attribute Editor.

How often is lastLogontimeStamp updated?

lastLogontimeStamp (what you are querying) is not updated on every logon, but is replicated to other domain controllers. By default it can be as much as 14 days out of date.

How do I list all domain controllers in PowerShell?

Get-AdDomainController cmdlet in PowerShell is used to get a list of domain controllers, IP information. You can use other commands like Get-AdForest, nltest to list all domain controllers.

How do I find msDS LogonTimeSyncInterval?

Changing the ms-DS-Logon-Time-Sync-Interval value is actually quite simple. Right-Click on the domain DN (DC=domain,DC=com) under Default naming context and select Properties. Under Attribute Editor, scroll down to the msDS-LogonTimeSyncInterval attribute and Click Edit.

What is PwdLastSet attribute Active Directory?

Pwd-Last-Set attribute (LDAPDisplayName PwdLastSet) represents the date and time that the password for this account was last changed. … When the administrator clicks the “User must change password at next logon” check-box in Active Directory Users and Computers, the Pwd-Last-Set attribute (PwdLastSet) gets set to 0.

Article first time published on

How can I tell when a user last logged in Active Directory?

Step 1: Open Active Directory Users and Computers and make sure Advanced features is turned on. Step 2: Browse and open the user account. Step 3: Click on Attribute Editor. Step 4: Scroll down to view the last Logon time.

What is bad password time?

This attribute shows the date and time at which the user last enters an incorrect password to log on to their account.

Why is last date logon blank?

An empty LastLogonDate property means that the account has never been logged on. You get only these accounts, because you restrict your results to them with the filter clause -not (lastlogontimestamp -like “*”) , which translates to “accounts whose lastLogonTimestamp attribute does not have a value”.

What format is LastLogontimestamp?

The format of the attribute is a FileTime structure which measures the number of 100 nano-second intervals since January 1st 1601 (UTC time).

How can I tell who is logged into my computer remotely?

  1. Hold down the Windows Key, and press “R” to bring up the Run window.
  2. Type “CMD“, then press “Enter” to open a command prompt.
  3. At the command prompt, type the following then press “Enter“: query user /server:computername. …
  4. The computer name or domain followed by the username is displayed.

How can I tell when Windows 10 last logged in?

  1. Open Start.
  2. Search for Event Viewer, click the top result to launch the experience.
  3. Browse the following path: Event Viewer > Windows Logs > Security.
  4. Double-click the event with the 4624 ID number, which indicates a successful sign-in event.

What is computer last logon date?

LastLogonTimestamp attribute:This is the time that the user last logged into the domain. The lastLogontimeStamp attribute is not updated with all logon types or at every logon. Whenever a user/computer authenticate or logs on, the value of this attribute is read from the DC.

Where are Active Directory inactive computers?

Run Netwrix Auditor → Navigate to “Reports” → Expand the “Active Directory” section → Go to “Active Directory – State-in-Time” → Select “Computer Accounts – Last Logon Time” → Click “View” → Adjust the “Inactive Days” parameter if needed → Click “View Report”.

What is attribute in Active Directory?

Each object in Active Directory Domain Services contains a set of attributes that define the characteristics of the object. … The attribute definition includes a variety of data, for example, what object types that the attribute applies to and the syntax type of the attribute.

How can I see ad user attributes?

Open the Active Directory Users and Computers manager tool. Go to View and ensure Advanced Features is enabled, or click the Advanced Features menu option to enable it. In the left navigation, go to Users. Right-click on a user, then click Properties.

How do I edit Active Directory?

  1. Log in to a computer in the domain you want to configure using a user account with domain administrator privileges.
  2. Open a command prompt, type adsiedit.msc and press Enter to start the ADSI Edit configuration tool.
  3. Right-click ADSI Edit, and then select Connect to.

How do I identify my domain controller?

Have the logged on user launch the command prompt on the target computer. Type Set Logonserver the name of the domain controller that authenticated the user will be returned. See the figure below. Using echo %username% will allow you create a script to identify the authenticating domain controller.

How do domain controllers work?

A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain. … A domain controller is the centerpiece of the Windows Active Directory service. It authenticates users, stores user account information and enforces security policy for a Windows domain.

How do I find my domain controller in PowerShell?

You can use the Get-ADDomainController PowerShell cmdlet to get information about the domain controllers in Active Directory. This cmdlet is a part of PowerShell Active Directory module and requires RSAT installation (onWindows 10 1809 and newer RSAT is installed in a different way).

Is PwdLastSet replicated?

The pwdLastSet attribute is a replicated attribute that contains the last time an account’s password was changed. … For user objects you would want to look at the lastLogon and the lastLogonTimeStamp attributes.

Where do I find PwdLastSet?

Navigate to the user account you want to know about using the standard OU structure, then right-click on the account and select “Properties”. Scroll down about ¾ down the list to “PwdLastSet” and the value should be displayed in date/time format.

What is MsDS UserPasswordExpiryTimeComputed?

MsDS-UserPasswordExpiryTimeComputed performs the AD Determining Password Expiration calculations. In Microsoft Active Directory Virtual Attribute can be returned as value data in an LDAP SearchRequest. The msDS-UserPasswordExpiryTimeComputed attribute exists on AD DS but not on AD LDS.

What is dsCorePropagationData attribute?

The dsCorePropagationData is a “system” attribute which is used by the Active Directory service and cannot and should not be modified by anything other than the directory itself. … This attribute contains information about the internal state used by the security descriptor propagator (SDProp).

What is LastLogonDate?

LastLogonDate is a converted version of LastLogontimestamp. He was technically right. It’s not a replicated attribute. Instead, it’s a locally calculated value of the replicated value. Most importantly, it gives us the ability to query using human friendly date formats!!

How do I export last logon time in Active Directory?

  1. Step 1: Download and launch tool. You can download the tool here. It only takes 3 simple steps to run this tool. …
  2. Step 2: Export results to CSV. To export the results just click on the export button, select your format and click export all rows.

How do I convert a timestamp to a date in Excel?

  1. From a timestamp in milliseconds (ex: 1488380243994) use this formula: =A1/1000/86400+25569. with this formater: yyyy-mm-dd hh:mm:ss.000.
  2. From a timestamp in seconds (ex: 1488380243) use this formula: =A1/86400+25569. with this formater: yyyy-mm-dd hh:mm:ss.

Related Documentation

How do you force a hyacinth bulb indoors

What is the largest top loader washing machine

How deep are most backyard pools

Quels sont les pays de lAsie de lOuest