AD Query

Bruce Wayne

I am running a query for the last time a user logged on. When I run the
query I get the following message. Any ideas as to where I need to go or
what I may be doing wrong? Other types of queries work OK. Thanks in
advance.

'This query cannot be completed because it requires
information that is not supported by the Active Directory that is currently
being targeted.'


Bruce Wayne
 
Joe Richards [MVP]

How are you trying to query for the information? Note that that info is NOT replicated and you would have to dump the
record for every user on every domain controller that you wanted that info.
 
Bruce Wayne

I am running the query from AD users and groups. I am just searching by
username for the last 180 days.


Joe Richards said:
How are you trying to query for the information? Note that that info is
NOT replicated and you would have to dump the
 
Joe Richards [MVP]

Ah, I am guessing you are using the Windows 2003 Adminpak tools against a Windows 2000 directory? I don't use the GUI
much so didn't recognize the message. I saw it once I tried the W2K3 version of the tool and created a saved query
against a W2K domain. It worked fine against a W2K3 domain.

The Windows 2003 directory has an extra attribute that is replicated that has the last logon info for users but has a
latency of about a week (i.e. you won't know to the day the last logon, only to the last week).

You won't be able to use that until you are using Windows 2003 active directory.



--
Joe Richards
www.joeware.net
 
David Adner

To the last week? Bleh. Is it really that difficult to track the last
logon?
 
Joe Richards [MVP]

Previous to W2K3 you had to query the last logon date of the user on every domain controller, again that data previously
wasn't replicated at all.

If this is something you really need, what most people will do is set up a logon script that will update something in a
central place (like a database) or send an email or write a file or something that can be quickly checked out.

--
Joe Richards
www.joeware.net
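
An added example, not part of the thread: merging the per-DC values described above to find accounts with no logon in 180 days. It assumes the non-replicated value is the `lastLogon` attribute (a FILETIME count of 100-ns ticks since 1601-01-01 UTC, 0 meaning never) and that each DC has already been dumped into a dict; the DC names, usernames and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def datetime_to_filetime(dt):
    """UTC datetime -> 100-ns ticks since 1601-01-01 (whole seconds)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000

def filetime_to_datetime(ticks):
    """100-ns ticks -> UTC datetime; 0 means this DC never saw a logon."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def merge_last_logon(per_dc):
    """Keep the newest value per user across all DCs: {user: (when, dc)}."""
    newest = {}
    for dc, users in per_dc.items():
        for user, ticks in users.items():
            if ticks > newest.setdefault(user, (0, None))[0]:
                newest[user] = (ticks, dc)
    return {u: (filetime_to_datetime(t), dc) for u, (t, dc) in newest.items()}

def stale_users(per_dc, now, days=180):
    """Users with no logon on any DC within the last `days` days."""
    cutoff = now - timedelta(days=days)
    merged = merge_last_logon(per_dc)
    return sorted(u for u, (when, _) in merged.items()
                  if when is None or when < cutoff)

def _ft(y, m, d):
    return datetime_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))

# Constructed sample: one lastLogon dump per DC (hypothetical names and dates).
NOW = datetime(2004, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "dc1": {"alice": _ft(2004, 5, 20), "bob": _ft(2003, 9, 1),
            "carol": 0, "dave": 0},
    "dc2": {"alice": _ft(2003, 1, 1), "bob": _ft(2004, 5, 30),
            "carol": 0, "dave": _ft(2003, 10, 1)},
}

if __name__ == "__main__":
    # A single DC wrongly reports bob as stale; the merged view does not.
    print("dc1 only:", stale_users({"dc1": SAMPLE["dc1"]}, NOW))
    print("all DCs: ", stale_users(SAMPLE, NOW))
```
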
 
Joe Richards [MVP]

It is easy to understand why it isn't. Consider a large environment such as the one I manage, I have some 250,000
userids with hundreds of domain controllers. Think of all the replication generated simply by people logging on and off.
I am quite thankful that info isn't replicated.


--
Joe Richards
www.joeware.net
 
David Adner

Joe,

Do you ever wish you could partition your AD database (ala NDS) as
another way to optimize replication traffic? I don't mean establishing
additional Domains. I know the current AD design of having each DC in a
Domain holding an entire copy of the database has some benefits, but it
seems to also have some negatives, especially in very large environments
or highly dispersed ones, such as companies with lots of branches that
require a DC.
 
Joe Richards [MVP]

Yes.

:)

--
Joe Richards
www.joeware.net

--

David Adner said:
Joe,

Do you ever wish you could partition your AD database (ala NDS) as
another way to optimize replication traffic? I don't mean establishing
additional Domains. I know the current AD design of having each DC in a
Domain holding an entire copy of the database has some benefits, but it
seems to also have some negatives, especially in very large environments
or highly dispersed ones, such as companies with lots of branches that
require a DC.
 
David Adner

That's good. If you had said no, I would have been very curious as to
why. I wonder if the application partitions are a move towards this.
 
Joe Richards [MVP]

I think application partitions were seen as needed and then someone said, hey let's do AD/AM instead. I am curious to
see what happens with application partitions.

I would like to see the ability to break out pieces of the tree to specific sites (something that allows it to be done
dynamically through API and not require an admin clicking on things). I would also like to see the ability to run
multiple domains out of a single DC. That latter piece can't happen until all of the legacy clients are gone though
because of how the NETLOGON calls work.

--
Joe Richards
www.joeware.net
 
