Monday, November 16, 2015

Active Directory Surprise: logonCount Attribute Isn't Replicated

Today while curiously browsing around an Active Directory environment with ActiveNav, I noticed that all the logonCount values were way lower than they should have been. That user attribute should keep a tally of how many times the person has logged onto any workstation. I soon realized that I had connected ActiveNav to a relatively new domain controller. Since that controller hadn't been online as long as the other, not nearly as many logons had been checked against it. The logonCount attribute is not replicated between domain controllers, so each controller keeps its own copy; therefore, there is no way to get an authoritative answer for the number of a user's logons from just one query.
Posted by at
Labels:

2 comments:

  1. Oleksiy GaydaApril 28, 2020 at 9:38 PM

    Can be done with PowerShell: Get-ADDomainController -Filter * | %{$i+=Get-ADUser -Server $_.HostName -Identity username -Properties logonCount | select -expand logonCount};$i;

    ReplyDelete
    Replies
    1. UnknownSeptember 25, 2020 at 8:57 AM

      That's one query per DC, not "one query".
      It's a one-liner scriptblock, sure.

      Delete

Subscribe to: Post Comments (Atom)