返回
-
标题
LastLogonTimeStamp and lastLogon attribute -
说明
Do users authenticating to Linux servers using QAS get their AD LastLogonTimeStamp and lastLogon attribute updated? -
解决办法
The “LastLogonTimeStamp” is an Active Directory (AD) user attribute and is the replicated version of the “LastLogon” attribute but is not necessarily updated every time “LastLogon” is updated. It depends on a number of factors including how long it has been since the “LastLogon” attribute was updated (up to 14 days). Therefore, it is important to note that this attribute is not designed to provide real time logon information. The “LastLogonTimeStamp” is replicated globally.
For real time information “Lastlogon” is a better option but is only updated on the domain controller that performs the actual authentication. This attribute is not replicated.
The lastLogon attribute will get updated when an AD user, including a Unix enabled AD user authenticates to a *nix or other server.
For more information about both of these attributes please see the following article.
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx
To check the values of these attributes run the following commands for the user in question.
# /opt/quest/bin/vastool -u host/ attrs <user> lastLogon
# /opt/quest/bin/vastool -u host/ attrs <user> lastLogonTimeStamp