cancel
Showing results for 
Search instead for 
Did you mean: 

IVE not updating 'LastLogon' attributte in AD

Highlighted
Contributor

IVE not updating 'LastLogon' attributte in AD

I have noticed that when users login to the IVE, the Lastlogon attributte in AD is not updated, only when a user enters an incorrect password the first time and then subsiquently enters a correct one does it update the attributte, this suggest that the IVE is caching these credentials, however we have the 'Persistant Password Caching' feature disabled, also, I'm thinkng even if this was the case, the IVE should still interogate the domain controller in case the password was changed from another system....... what else controls whether the IVE caches credentials on not?...............any one dealt with this before?..preciate any insites.

I have AD 2000 by the way.

thx

2 REPLIES 2
Highlighted
Regular Contributor

Re: IVE not updating 'LastLogon' attributte in AD

Have you selected "NTLM" under authentication protocols (AD auth server definition page on IVE)? If yes changing to Kerberos will resolve this issue. Below is an article from MS that explains 'why'

http://support.microsoft.com/kb/886705

Note: For each user session IVE will always validate the credentails against the backend authentication server

Hope it helps!

Contributor

Re: IVE not updating 'LastLogon' attributte in AD

Thanks for the response,

I believe the issue you're referencing is only particular to Win2003 AD, I have AD 2000,

I do have keberos and NTLM enabled for backwards compatability,

What I find interesting is that the attribute is updated only when you input an incorrect password.