I get this question pretty regularly… “How do you change how often lastLogonTimeStamp gets updated because I want this updated every time a user is authenticated…”
First off, no you don’t. Authentications occur a heck of a lot more often than you probably expect and not just when someone sits down and types their password in. If you want to know every time that occurs, work on doing it through a logon script.
Now that being said, you can adjust the time in days by manipulating the msDS-LogonTimeSyncInterval attribute on the NC head in Active Directory. Lowest value is 1 day. Be aware of the replication implications, if you have several hundred thousand user accounts and several hundred thousand computer accounts, this could get chatty. This is why lastLogon doesn’t replicate. Well one of the reasons.
In ADAM you want to set ADAMLastLogonTimestampWindow value on the msDS-Other-Settings attribute of the nTDSService object in the config container. The DN of that object will be something like CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={some guid}. This value can be set to 0 and will reflect every authentication for the ADAM principal.
  joe
I’m sorry, could you be a little more specific about where and how this is set? I do have a valid reason for changing it, but cannot seem to find any information.
Thanks