What is the difference between lastLogon vs lastLogonTimestamp atributes in Active Directory? These attributes contain slightly different values - pls see an example below. I am trying to determine when was the last time that this user has logged in to see if this is a stale user or active user. Seeing different values is confusing. Thanks!
Timestamp attribute is replicated, the other one is not replicated.
The difference is that lastLogonTimestamp is replicated to all Domain Controllers in your AD Forest, and lastLogon is only updated on a given local Domain Controller where login has actually happened without further replication. The catch is that local attribute is being updated each time after each login, and replicated attribute is being replicated only after certain interval (14 days by default) to save on a replication traffic. Some more detailed explanation as well as usefull PowerShell commands could be found in this article.