![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 9%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOD%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
The Search-ADAccount cmdlet is probably using the lastlogondate to determine when that last interactive logon took place for a user account. The problem with that is that the lastlogondate property is only accurate within a range (typically 3 - 14 days). That's because that property isn't replicated immediately, it's replicated on a random schedule (probably based on how busy replication is within the AD forest).
The lastlogondate is updated on the DC that handled the logon, but you'd have to know which DC that was to be as accurate as you can. The alternative is to query each DC in the users' AD domain and get the most recent logon from them all.