Question about AD attribute LastLogonDate

lalajee 1,811 Reputation points
2024-01-05T10:17:18.0933333+00:00

Hi,

I have a question regarding last logon date.

I have run an AD report to get all users/devices with last logon date, but some of them are showing more than 1 year or no date.

If a user account is used as a service account, or is being used to log in to, say, email, will it record the last logon date?

If a user account is used for anything, will it update the last logon date?


4 answers

  1. Michael John Pena 165 Reputation points MVP
    2024-01-05T11:21:38.4+00:00

    The LastLogonDate attribute in Active Directory (AD) is not updated every time a user or a service running under a user account logs on to the domain. The decision to update the value is based on a formula: the current date minus the value of the ms-DS-Logon-Time-Sync-Interval attribute minus a random percentage of 5. If the result is equal to or greater than LastLogonDate, the attribute is updated.

    For example, if a service is running under a user account and has been running for 6 months without a reboot, the LastLogonDate for that user might show as 6 months ago. This is because the service might still have a valid Kerberos Ticket Granting Ticket (TGT) on the machine, and a new TGT does not necessarily trigger an update to the LastLogonDate.

    So, if a user account is used for anything (like running a service or logging into an email), it might not necessarily update the LastLogonDate. It's important to note that this attribute is designed to help identify inactive accounts for potential disablement, not to track each and every logon event.

    If you need more precise logon tracking, you might want to consider using audit logs or third-party solutions designed for this purpose.
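    The update rule described in this answer can be modelled in a few lines of PowerShell. The following is an added example, not code from the original answer or from Microsoft; it assumes that msDS-LogonTimeSyncInterval lives on the domain naming-context object and is measured in days (defaulting to 14 when unset), and it reads "random percentage of 5" as a random jitter of 0 to 5% of the interval. The FILETIME values at the bottom are constructed for illustration.

```powershell
# Added example (not from the original answer or from Microsoft): a small model of
# the lastLogonTimestamp update rule described above, so you can see why an account
# that authenticates every day can still carry a LastLogonDate that is weeks old.
#
# Assumptions, labelled as such: msDS-LogonTimeSyncInterval is read from the domain
# naming-context object and is in days (default 14 when unset); the DC rewrites
# lastLogonTimestamp on a logon only when
#   (now - interval - random 0..5% of interval) >= current lastLogonTimestamp,
# which is one reading of "random percentage of 5". The sample FILETIME values
# at the bottom are constructed for illustration.

function Get-LogonTimeSyncIntervalDays {
    # Reads msDS-LogonTimeSyncInterval from the domain NC. Needs the ActiveDirectory
    # module and a reachable DC; falls back to the 14-day default on any failure.
    [CmdletBinding()]
    param([string]$Server)
    $splat = @{}
    if ($Server) { $splat.Server = $Server }
    try {
        $dn = (Get-ADDomain @splat).DistinguishedName
        $nc = Get-ADObject -Identity $dn -Properties 'msDS-LogonTimeSyncInterval' @splat
        if ($null -ne $nc.'msDS-LogonTimeSyncInterval') {
            return [int]$nc.'msDS-LogonTimeSyncInterval'
        }
    } catch {
        Write-Verbose "Could not read msDS-LogonTimeSyncInterval: $_"
    }
    return 14
}

function Test-LastLogonTimestampUpdate {
    # Returns $true if a logon at $Now would make the DC rewrite lastLogonTimestamp.
    # $RandomFraction pins the 0..5% jitter so the check is repeatable; leave it
    # unset to see the randomness the DCs actually introduce.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][int64]$LastLogonTimestamp,   # FILETIME as stored in AD (0 = never set)
        [int]$IntervalDays = 14,
        [datetime]$Now = (Get-Date).ToUniversalTime(),
        [ValidateRange(0.0, 0.05)][double]$RandomFraction = (Get-Random -Minimum 0.0 -Maximum 0.05)
    )
    if ($LastLogonTimestamp -le 0) { return $true }   # the first logon ever always stamps the attribute
    $last      = [DateTime]::FromFileTimeUtc($LastLogonTimestamp)
    $threshold = $Now.AddDays(-$IntervalDays).AddDays(-($IntervalDays * $RandomFraction))
    return ($threshold -ge $last)
}

function Get-LastLogonDateSlack {
    # The worst case a report can show for an account that logs on daily:
    # the stamp may be up to interval + 5% of interval old before it is rewritten.
    param([int]$IntervalDays = 14)
    [pscustomobject]@{
        IntervalDays    = $IntervalDays
        MaxStaleDays    = $IntervalDays * 1.05
        ReplicationNote = 'plus inter-site replication latency before other DCs see the new value'
    }
}

# --- constructed demonstration ---------------------------------------------
$now = [datetime]::new(2024, 1, 5, 10, 0, 0, [DateTimeKind]::Utc)
$stampedNineDaysAgo   = $now.AddDays(-9).ToFileTimeUtc()
$stampedTwentyDaysAgo = $now.AddDays(-20).ToFileTimeUtc()

# Pin the jitter at its maximum (5%) to show the widest window a DC will tolerate.
Test-LastLogonTimestampUpdate -LastLogonTimestamp $stampedNineDaysAgo   -IntervalDays 14 -Now $now -RandomFraction 0.05
Test-LastLogonTimestampUpdate -LastLogonTimestamp $stampedTwentyDaysAgo -IntervalDays 14 -Now $now -RandomFraction 0.05
Get-LastLogonDateSlack -IntervalDays 14

# Against a live domain (uncomment): use the real interval instead of the default.
# $interval = Get-LogonTimeSyncIntervalDays
# Test-LastLogonTimestampUpdate -LastLogonTimestamp $stampedNineDaysAgo -IntervalDays $interval
```

    With the constructed inputs the stamp that is 9 days old is left alone and the one that is 20 days old is rewritten, which is the behaviour behind the "service running for months" case above: as long as each logon lands inside the interval-plus-jitter window, the stored value never moves, and what the report shows is the last time the window was exceeded, not the last authentication.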


  2. Thameur-BOURBITA 32,986 Reputation points
    2024-01-05T11:52:56.8033333+00:00

    Hi @lalajee

    I have run an AD report to get all users/devices with last logon date, but some of them are showing more than 1 year or no date.

    This attribute is not replicated to all domain controllers. If you want to use this attribute to identify whether the account is active or not, you have to check on all domain controllers. Below is an example script:

    # Query every DC for the non-replicated lastLogon of one account
    $DCLIST = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($DC in $DCLIST) {
        # FromFileTime converts the stored FILETIME; a value of 0 means no logon recorded on this DC
        Get-ADUser -Identity UserName -Properties lastLogon -Server $DC |
            Select-Object @{N='DC'; E={ $DC }},
                          @{N='LastLogon'; E={ if ($_.lastLogon) { [DateTime]::FromFileTime($_.lastLogon) } }}
    }
    

    If a user account is used as a service account, or is being used to log in to, say, email, will it record the last logon date?

    Last logon date will be updated when the service or the server is restarted, or when the account authenticates to connect to the mailbox.


    Please don't forget to accept the helpful answer.


  3. Daisy Zhou 23,891 Reputation points Microsoft Vendor
    2024-01-08T08:44:36.1133333+00:00

    Hello lalajee,

    Thank you for posting in Q&A forum.

    In Active Directory (AD), the last logon date is updated when a user or a service account interacts with the domain in a manner that requires authentication. This includes logging in to a computer, accessing network resources, or using services like email that authenticate against Active Directory.

    There are two attributes in AD that store logon information:

    LastLogon: This attribute is not replicated across domain controllers. It is precise but requires querying each domain controller.

    Then we need to look at the LastLogon of each user on each DC, convert it, and take the most recent one as the LastLogon.

    LastLogonTimestamp: This attribute is replicated but not in real-time. It is designed to help identify inactive accounts and typically has a replication latency of up to 14 days to reduce replication traffic. Therefore, it is not always up-to-date to the exact time of the last logon.


    Understanding the AD Account attributes - LastLogon, LastLogonTimeStamp and LastLogonDate
    https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx?Redirected=true

    You can delete the user accounts of all users who do not work for the company by filtering these two attributes.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.


    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
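    The procedure this answer describes (read LastLogon from every DC, convert it, keep the most recent value) is shown below as a complete scan rather than a single-account lookup. This is an added example, not code from the original answer or from Microsoft; it requires the ActiveDirectory module and permission to query each DC, and the 90-day threshold and the -SearchBase parameter are assumptions of the example, not something the answer specifies.

```powershell
# Added example (not from the original answer or from Microsoft): collect the
# non-replicated lastLogon from every DC for every enabled user, keep the newest
# value per account, and put it beside the replicated lastLogonTimestamp (the
# value behind LastLogonDate) so the two can be compared. Requires the
# ActiveDirectory module and permission to query each DC. $StaleDays and
# -SearchBase are assumptions of this example, not something the answer specifies.

Import-Module ActiveDirectory

function Get-TrueLastLogon {
    [CmdletBinding()]
    param(
        [int]$StaleDays = 90,      # assumed inactivity threshold
        [string]$SearchBase        # optional OU to narrow the scan
    )

    $dcs     = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    $props   = 'lastLogon', 'lastLogonTimestamp'
    $best    = @{}                 # SamAccountName -> newest values seen on any DC
    $skipped = New-Object System.Collections.Generic.List[string]

    foreach ($dc in $dcs) {
        $splat = @{ Filter = 'Enabled -eq $true'; Properties = $props; Server = $dc }
        if ($SearchBase) { $splat.SearchBase = $SearchBase }
        try {
            $users = Get-ADUser @splat
        } catch {
            # A DC you could not reach may hold the newest lastLogon; say so instead of
            # silently reporting the account as stale.
            Write-Warning "Skipping $dc : $_"
            $skipped.Add($dc)
            continue
        }

        foreach ($u in $users) {
            $ll   = [int64]$u.lastLogon            # $null (attribute absent) becomes 0
            $llts = [int64]$u.lastLogonTimestamp

            $entry = $best[$u.SamAccountName]
            if (-not $entry) {
                $entry = [pscustomobject]@{
                    SamAccountName     = $u.SamAccountName
                    LastLogon          = [int64]0
                    LastLogonDC        = $null
                    LastLogonTimestamp = [int64]0
                }
                $best[$u.SamAccountName] = $entry
            }
            if ($ll -gt $entry.LastLogon) {
                $entry.LastLogon   = $ll
                $entry.LastLogonDC = $dc
            }
            # lastLogonTimestamp is replicated, but a lagging DC can still hold an
            # older copy, so keep the newest one seen.
            if ($llts -gt $entry.LastLogonTimestamp) { $entry.LastLogonTimestamp = $llts }
        }
    }

    $cutoff = (Get-Date).AddDays(-$StaleDays)
    foreach ($e in $best.Values) {
        $trueLast = if ($e.LastLogon -gt 0) { [DateTime]::FromFileTime($e.LastLogon) } else { $null }
        $replLast = if ($e.LastLogonTimestamp -gt 0) { [DateTime]::FromFileTime($e.LastLogonTimestamp) } else { $null }
        [pscustomobject]@{
            SamAccountName = $e.SamAccountName
            LastLogon      = $trueLast     # $null: no DC queried has ever recorded a logon
            LastLogonDC    = $e.LastLogonDC
            LastLogonDate  = $replLast     # what the stock LastLogonDate column shows
            LagDays        = if ($trueLast -and $replLast) { [math]::Round(($trueLast - $replLast).TotalDays, 1) } else { $null }
            Stale          = (-not $trueLast) -or ($trueLast -lt $cutoff)
            DCsSkipped     = $skipped.Count
        }
    }
}

Get-TrueLastLogon -StaleDays 90 | Sort-Object LastLogon | Format-Table -AutoSize
```

    The LagDays column is the gap between the most recent DC-local LastLogon and the replicated value; a positive number of days there is the replication latency Daisy describes, and it is what makes LastLogonDate alone unreliable for a disable-or-delete decision. Before acting on the Stale flag, check DCsSkipped: an account may have authenticated only against a DC the scan could not reach, and an account that authenticates only with tickets it already holds will not bump lastLogon on any DC, which is the service-account case from the first answer.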


  4. Hafiz Ahmed 0 Reputation points
    2024-07-09T05:37:31.75+00:00

    Will you please help correct the right date for the domain controller and some other devices? They are showing an advanced lastLogonTimestamp in the year 2042.
