The lastLogonDate property returned by Get-ADUser maps to the lastLogonTimestamp attribute in AD, which is replicated but not kept completely accurate. See the description here.
Net User refers to the AD attribute lastLogon, which is accurate but isn't replicated between domain controllers (reference). Quote:
Please note that this value is NOT replicated between domain
controllers - if you want to know the exact last logon time for an
account in a domain with more than one domain controllers, you have to
check this value on all domain controllers!
There are many scripts out there that collect the domain controllers, loop through them, and return the newest of the values found. You can check this answer and discussion for some insights. Note that we were troubleshooting performance issues with the script, but there are code samples nevertheless.
Of particular interest, and not mentioned in the other answer, both of these attributes are stored as 64-bit integers representing the number of 100-nanosecond intervals since 1/1/1601 12:00. However, Get-ADUser doesn't convert lastLogon to a typical [DateTime] value for you. Moreover, it's stored as UTC and must be converted to local time; code similar to the below demonstrates the point:
Get-ADUser saporito -properties 'LastLogonDate','LastLogon' |
Select *,@{Name = 'logonDate'; Expression = { [DateTime]::FromFileTimeUtc( $_.LastLogon ).ToLocalTime()}}
Note: Net User appears to do the same conversion.
Note: I added a property rather than overwrite it. This is for demonstration and may need to be adapted to your larger project.
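The approach described above (query every domain controller, keep the newest lastLogon, then convert it from UTC file time), as an added example that is not part of the original answer. The function name Get-TrueLastLogon is hypothetical, and the code assumes the ActiveDirectory module is installed and the caller can read the account on each DC.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TrueLastLogon {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string]$Identity      # sAMAccountName, DN, GUID or SID of the account
    )

    $newest  = [long]0         # highest raw lastLogon (file-time ticks) seen so far
    $source  = $null           # DC that reported that value
    $skipped = @()             # DCs that could not be queried

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName -Properties lastLogon -ErrorAction Stop
        }
        catch {
            # A DC that fails to answer makes the result incomplete, so record it
            # instead of silently ignoring it.
            $skipped += $dc.HostName
            continue
        }

        # lastLogon is empty or 0 on a DC that never authenticated the account.
        $raw = if ($user.lastLogon) { [long]$user.lastLogon } else { [long]0 }
        if ($raw -gt $newest) {
            $newest = $raw
            $source = $dc.HostName
        }
    }

    [pscustomobject]@{
        Identity   = $Identity
        # Stored as UTC; convert to local time only when a real value exists,
        # otherwise 0 would be rendered as a date in 1601.
        LastLogon  = if ($newest -gt 0) { [DateTime]::FromFileTimeUtc($newest).ToLocalTime() } else { $null }
        ReportedBy = $source
        SkippedDCs = $skipped
    }
}

Get-TrueLastLogon -Identity 'saporito'
```

A non-empty SkippedDCs list means the reported time is only a lower bound, which matters when the value is used to decide whether an account is stale.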