lastLogonTimeStamp attribute explained (with triggers included) …

this is a great article on lastLogonTimeStamp.  particularly interesting to me are the kinds of triggers that will cause an update to this attribute.  here’s a snippet:

Logon types that will trigger an update to the lastLogontimeStamp attribute.

The lastLogontimeStamp attribute is not updated with all logon types or at every logon. The good news is that the logon types that admins usually care about will update the attribute and often enough to accomplish its task of identifying inactive accounts.

Interactive and Network logons will update the lastLogontimeStamp. So if a user logs on interactively, browses a network share, accesses the email server, runs an LDAP query etc… the lastLogontimeStamp attribute will be updated if the right condition is met. (The conditions are discussed below in the section Update and Replication of lastLogontimeStamp.)

As of Windows 2003 SP1 these logon types will NOT update lastLogontimeStamp

  • Certificate mapping through Microsoft Internet Information Services (IIS).
  • Username and password authentication through IIS.
  • Microsoft .NET Passport mapping through IIS.

great article warren.  click here for the full post.
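
An added example, not part of this post or the quoted article: a PowerShell sketch of the inactive-account check the snippet describes. The function name `Get-StaleAccount`, the 90-day threshold and the sample accounts are assumptions made for illustration. The 14-day margin is the default `msDS-LogonTimeSyncInterval`, which the excerpt above does not state.

```powershell
# Added example. lastLogonTimestamp is a FILETIME (100-ns ticks since 1601-01-01 UTC).
function Get-StaleAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int] $InactiveDays = 90,       # assumed policy threshold
        [int] $SyncLagDays  = 14,       # default msDS-LogonTimeSyncInterval
        [datetime] $Now = [datetime]::UtcNow
    )
    begin {
        # The attribute is not written at every logon, so it can trail the
        # real last logon. Widen the window rather than flag accounts early.
        $cutoff = $Now.AddDays(-($InactiveDays + $SyncLagDays))
    }
    process {
        $raw = [int64]$Account.lastLogonTimestamp   # $null (never set) becomes 0
        if ($raw -le 0) {
            # No recorded logon. Accounts used only through the IIS logon
            # types listed above can land here: review before disabling.
            $last = $null
            $state = 'NeverRecorded'
        } else {
            $last  = [datetime]::FromFileTimeUtc($raw)
            $state = if ($last -lt $cutoff) { 'Stale' } else { 'Active' }
        }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            LastLogonUtc   = $last
            State          = $state
        }
    }
}

# Constructed sample input so the block runs offline. In a domain, pipe in:
#   Get-ADUser -Filter * -Properties lastLogonTimestamp
$now = [datetime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   lastLogonTimestamp = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';     lastLogonTimestamp = $now.AddDays(-100).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'carol';   lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc-web'; lastLogonTimestamp = $null }
)
$sample | Get-StaleAccount -Now $now | Format-Table -AutoSize
```

With these sample values, `bob` falls inside the 14-day margin and is reported as Active, while `svc-web` is reported as NeverRecorded instead of Stale so it gets a manual review.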
