Logon-Count attribute

Applies to: desktop apps only

The number of times the account has successfully logged on. A value of 0 indicates that the value is unknown.

CN	Logon-Count
Ldap-Display-Name	logonCount
Size	4 bytes
Update Privilege	Domain administrator
Update Frequency	Each time the user logs on.
Attribute-Id	1.2.840.113556.1.4.169
System-Id-Guid	bf9679aa-0de6-11d0-a285-00aa003049e2
Syntax	Enumeration

Implementations

• Windows 2000 Server
• Windows Server 2003
• Windows Server 2003 R2
• Windows Server 2008
• Windows Server 2008 R2
• Windows Server 8 Beta

Windows 2000 Server

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2003

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2003 R2

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2008

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 2008 R2

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Windows Server 8 Beta

Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000011
Classes used in	User

Remarks

This attribute is not replicated and is maintained on each domain controller in the domain. To get an accurate value for the user's total number of successful logon attempts in the domain, each domain controller in the domain must be queried and the sum of the values should be used. Keep in mind that the attribute is not replicated, therefore domain controllers that are retired may have counted logons for the user as well, and these will be missing from the count.

Important  Due to compatibility with 16-bit versions of LAN Manager, the attribute has an upper limit of 65535. After this limit has been reached, you cannot use it as an indicator of user activity on this domain controller.

 

 

Send comments about this topic to Microsoft

Build date: 2/3/2012

I have a long time doubt on this attribute

According to the info given in msdn , it seems that this attribute shows the log on count of the user in a domain , but this value seems to be always wrong......I understand that this value is a non-replicating attribute so we need to add the sum of this attribute to know the exact count.....   I have a test scenario where there are two DC's , i created a test user in one of the DC's 1 month before...im sure that the logon count of that user is only 4 or 5 times , but if i check the value in adsiedit it shows 1297.....I cant believe that ...i tried loggin into one of the DC and then checked the LogonCount there and I found the value was 1587......I cant believe this.....I checked the variable type it was Integer......Im confused............