This is not urgent replication Walkthrough of a last Logontime Stamp Update update 1. This randomization is done to prevent an update of the last Logontime Stamp attribute from many accounts at the same time causing a high replication load on the DC’s.(Assuming the value of the ms-DS-Logon-Time-Sync-Interval is at the default of 14) 2. The last Logontime Stamp attribute value of the user is retrieved 4. Current date – value of last Logontime Stamp = Y 6. Remember the purpose of the last Logontime Stamp attribute is locate inactive accounts not provide real-time logon information.
Controlling the update frequency of last Logontime Stamp.
It is possible to change the frequency of updates to the last Logon Time stamp or turn it off completely if desired. And the max value was set in code not in the schema.
In Windows Server 2003 we introduced the last Logontime Stamp attribute.
Administrators can use the last Logontime Stamp attribute to determine if a user or computer account has recently logged onto the domain.
Logon types and that will trigger an update to the last Logontime Stamp attribute.
The last Logontime Stamp attribute is not updated with all logon types or at every logon.
This process was time consuming as the last Logon attribute is updated only on the DC that validates the logon request. So in the past to determine the most recent logon of a user or computer account the last Logon attribute had to be queried on all domain controllers (at least in concept) and then the most recent date for last Logon had to be determined from all the results returned.
In Windows 2003 and higher last Logon is still has the same behavior.
So if a user logs on interactively, browses a network share, access the email server, runs an LDAP query etc…