We noticed that in Active Directory configured at Windows Server 2019 reset password is changing lastLogonTimestamp. Is it correct behavior?
We noticed that in Active Directory configured at Windows Server 2019 reset password is changing lastLogonTimestamp. Is it correct behavior?
Hi,
As this thread has been quiet for a while,
If this question has any update?
If you have any questions or concerns about it, please don't hesitate to let us know.
Best Regards,
Hi,
Interactive, Network, and Service logons will update the lastLogontimeStamp . So if a user logs on interactively, browses a network share, access the email server, runs an LDAP query etc… the lastLogontimeStamp attribute will updated if the right condition is met.
The lastLogontimeStamp attribute is not updated every time a user or computer logs on to the domain. The decision to update the value is based on the current date minus the value of the ( ms-DS-Logon-Time-Sync-Interval attribute minus a random percentage of 5).
For more information , you can refer to the following link:
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/396204
When you reset the password through the ADUC, It will not effect the lastLogonTimestamp attribute .
The Lastlogon attribute will change immediately, but not the lastLogonTimestamp attribute.


Hi,
Just want to confirm the current situations.
If there's anything you'd like to know, don't hesitate to ask.
Best Regards,
6 people are following this question.