Vig, I am currently testing a "LastLogon" program for user accounts. Since the LastLogin property has to be checked for each account on each domain controller this process is very network intensive and time consuming for large domains in a WAN environment.
I am considering a few short cuts to shorten the process. - Check the PW age from the PDC and make a list of only those accounts that fail some PW age test.
- Process this list of accounts on all other DCs instead of processing ALL accounts.
This way it might be possible to exclude the bulk of active accounts that are within the password age policy.
Your thoughts?
[ 08. September 2002, 23:31: Message edited by: Howard Bullock ]
