Difference between lastlogon and lastlogontimestamp

Difference between lastlogon and lastlogontimestamp

http://msdn.microsoft.com/en-us/library/ms676824(VS.85).aspx
Last-Logon-Timestamp Attribute

This is the time that the user last logged into the domain. Whenever a user logs on, the value of this attribute is read from the DC. If the value is older [ current_time - msDS-LogonTimeSyncInterval ], the value is updated. The initial update after the raise of the domain functional level is calculated as 14 days minus random percentage of 5 days.

http://msdn.microsoft.com/en-us/library/ms676823(VS.85).aspx
Last-Logon Attribute

The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

If your domain is at Windows Server 2003 functional level, there is a new attribute called lastLogonTimeStamp you can use. Like lastLogon, this attribute is Integer8 and represents the time when the user last logged onto the domain. Unlike lastLogon, this new attribute is replicated. However, it is only updated when the user logs on if the old value is more than 14 days in the past. That means the value can only be trusted if it is more than 14 days in the past, which is fine for finding old unused accounts. This behavior reduces the synchronization load while still giving administrators the information they need.

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
http://blogs.technet.com/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx