lastLogon

Because the lastLogon attribute is not replicated in Active Directory, a different value can be stored in the copy of Active Directory on each Domain Controller. The largest value that is retrieved is the true last logon time for that user.

The lastLogon attribute is stored in Active Directory as Integer8 (8 bytes). This means it is a 64-bit number. This value represents the number of 100 nanosecond intervals since 12:00 AM January 1, 1601. The date represented by this number is in Coordinated Universal Time (UTC). It must be adjusted by the time zone bias in the local machine registry to convert to local time.

lastLogonTimestamp

Ok, here is how it works in Windows 2003 for the new last logon attribute.
One of the new attributes in Windows 2003 is lastLogonTimestamp which can be used to retrieve the last logon time for users, good so we have a new attribute to use! Sounds easy, right?

But the lastLogonTimestamp is not always showing the truth since it is only replicated every 14 days...

Simplifying Matters

So instead of writing VBScripts and performing calculation hurdles, why not download Winzero's Computer2User v3.00 or Winzero Domain Monitor solutions at:

http://www.winzero.ca/downloads.htm

and just use these solutions:

Computer2User version 3.0x will report the last domain logon for all users* from any selected DC, or the last local computer logon for all users by server or workstation.

DomainMonitor version 2.0x will report the last domain logon for all users* from all DCs by collection date.

*note "users" in Active Directory will return both users accounts and computer accounts because AD sees both as accounts.