I want to introduce to you a feature of the Windows Server 2008 domain functional level:
Basically, it is about finding out when a user last logged on.
Last logon in the history of Windows Server
Before Windows Server 2003, there was only the LastLogon attribute, which was not replicated between DCs. The information therefore existed only on the DC where the logon took place. Elaborate scripts were necessary to search all DCs for the “latest” LastLogon.
With Windows Server 2003, the LastLogonTimeStamp attribute was introduced. It is replicated between DCs. To keep the replication burden low, the attribute is only replicated every 9-14 days. This makes a thorough analysis difficult.
With Windows Server 2008 domain functional level, four new attributes were introduced:
The msDS-LastSuccessfulInteractiveLogonTime attribute
The msDS-LastSuccessfulInteractiveLogonTime attribute contains the timestamp of the last successful interactive logon to a Windows 8, Windows 7 or Windows Vista computer and is replicated directly, like any other attribute. This, of course, leads to a higher replication burden.
Another advantage over, or difference from, LastLogonTimeStamp is that only interactive logons to computers are recorded. LastLogonTimeStamp is also updated by, for example, LDAP logons or logons to network shares.
Activation is done via a GPO (Group Policy). The GPO has to apply to the domain controllers as well as to Windows Vista / Windows 7 computers and Windows Server 2008.
Attention: If the GPO is set only for the DCs and not for the Windows Vista / Windows 7 computers, logon will not be successful.
This setting is relevant only for Windows Vista / Windows 7 and Windows Server 2008 computers; older versions ignore it.
Path to the GPO-setting:
Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Logon Options | Display information about previous logons during user logon = Enabled
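One way to use the difference between the two attributes when reviewing accounts, as an added example that is not part of the original post: the report compares msDS-LastSuccessfulInteractiveLogonTime with LastLogonTimeStamp and separates accounts with no recent logon at all from accounts that are only used non-interactively. The function names, the 90-day threshold and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: function names, the 90-day threshold and all sample values are constructed.
function ConvertFrom-AdFileTime {
    param($Value)
    # Both attributes hold a FILETIME (100 ns ticks since 1601-01-01 UTC); missing or 0 = never recorded.
    if ($null -eq $Value -or [long]$Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc([long]$Value)
}

function Get-LogonAttributeReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$User,
        [int]$StaleDays = 90,
        [DateTime]$Now = [DateTime]::UtcNow
    )
    process {
        $interactive = ConvertFrom-AdFileTime $User.'msDS-LastSuccessfulInteractiveLogonTime'
        $anyLogon    = ConvertFrom-AdFileTime $User.lastLogonTimestamp
        # The interactive attribute replicates directly, so it is compared as-is.
        $noRecentInteractive = ($null -eq $interactive) -or ($interactive -lt $Now.AddDays(-$StaleDays))
        # LastLogonTimeStamp can be up to 14 days behind (9-14 day interval), so widen its window.
        $noRecentAny = ($null -eq $anyLogon) -or ($anyLogon -lt $Now.AddDays(-($StaleDays + 14)))
        if ($noRecentInteractive -and $noRecentAny) {
            $finding = 'Stale'
        } elseif ($noRecentInteractive) {
            $finding = 'NonInteractiveUseOnly'   # e.g. only LDAP or network share logons
        } else {
            $finding = 'Active'
        }
        [pscustomobject]@{
            SamAccountName        = $User.SamAccountName
            LastInteractiveUtc    = $interactive
            LastLogonTimestampUtc = $anyLogon
            Finding               = $finding
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output (not real accounts).
$now = [DateTime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; lastLogonTimestamp = $now.AddDays(-10).ToFileTimeUtc()
                       'msDS-LastSuccessfulInteractiveLogonTime' = $now.AddDays(-1).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc-report'; lastLogonTimestamp = $now.AddDays(-5).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob'; lastLogonTimestamp = $now.AddDays(-180).ToFileTimeUtc()
                       'msDS-LastSuccessfulInteractiveLogonTime' = $now.AddDays(-200).ToFileTimeUtc() }
)
$sample | Get-LogonAttributeReport -Now $now | Format-Table -AutoSize
# Live domain: Get-ADUser -Filter * -Properties lastLogonTimestamp, 'msDS-LastSuccessfulInteractiveLogonTime' | Get-LogonAttributeReport
```

The interactive attribute is only populated once the GPO setting above is enabled, so an empty value on every account points to the policy not being applied rather than to unused accounts.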