So querying AD Clients LastLogon via C#:
public static string GetProp(this SearchResult value, string property)
{
if (value.Properties[property].Count > 0)
return value.Properties[property][0].ToString();
else
return "";
}
public static string GetLL(this SearchResult value)
{
var temp = value.GetProp("lastLogon");
string LL = temp== "" ? "" : DateTime.FromFileTimeUtc(long.Parse(temp)).ToString();
return LL;
}
or PS:
Get-ADComputer -Filter * -Properties * | Sort LastLogon | Select Name, LastLogonDate,@{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}}
is different then Clients LastLogon in MMC AD Snap-In. Does anybody know the reason for this difference or can anybody tell which value is the right one? Thanks in advance.
The attribute LastLogon is not an attribute which is getting synchronized across domain controllers. ie, the domain controller who is authenticating an object will also update LastLogon attribute. So this attribute is not expected to be the same across different domain controllers.
The right approach is to make use of LastLogonTimeStamp attribute, though this also dont replicate to all domain controllers in real time. However, this attribute is getting updated in a fixed interval and will help to get near accurate data.
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx