|
The problem with LastLogin is that it isn't replicated. There is a LastLoginTimestamp property that is replicated weekly, but that is an AD 2003 property. You're better off looking at the pwdLastSet property and expiring accounts that have not changed their passwords 60 days from the password expiration date.
| 
