Tweet
I'd like be able to see if the flag is set for "user must change password at next logon" when viewing the list of all the user accounts in the domain, but I don't see that as a field I can add under AD Queries in Object Manager. What do you suggest? I also want to know the difference between "lastlogon" and "lastLogonTimestamp" which seem to display different dates.
-
-
Re: Password expiration and logons
I believe this is determined by the PwdLastSet field. If there is a (None) in that field, the User Must Change Password At Next Logon will be checked. So, if you display that field in the right window you can sort/filter on it.
LastLogonTimeStamp appears to be added in 2003, and is in AD and replicates between controllers. Last Logon is stored locally on the controller that authenticates the logon, and is typically different depending on what controller you are viewing. You can right-click on a user and choose the View Logon Information option, then click the Check All Domain Controllers button to see this.
Comment