Tuesday, July 10, 2018

lastLogon vs lastLogonTimestamp vs lastLogonDate - explained

Today I want to write about the "last logon" attributes. They can be a little confusing if you read about them on the internet, so in this post I will try to explain them simply.

lastLogon
The lastLogon attribute is only updated on the Domain Controller where the logon actually happened, and it is not replicated. It is updated after every interactive logon.
An interactive logon to a computer can be performed either locally, when the user has direct physical access, or remotely, through Terminal Services, in which case the logon is further qualified as remote interactive.

Summary: lastLogon is only updated on the DC where an interactive logon has actually happened, and it is not replicated. To get the real last logon you have to query every DC and take the newest value.

lastLogonTimestamp
The lastLogonTimestamp attribute is replicated to all Domain Controllers in your AD forest. It is only updated after a certain interval has passed; the default is 14 days minus a random percentage of up to 5, to save replication traffic. The attribute that defines this interval is named "ms-DS-Logon-Time-Sync-Interval" and can be found in the properties of the default naming context. If it is not set, the default value of 14 is used.
The update could be triggered by Interactive, Network, Batch and Service logons.
A Network logon occurs when you access remote file shares or printers. Also, most logons to IIS are classified as network logons.
Service logon is used for services and accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration.
Batch logon is used for scheduled tasks. When the Task Scheduler service starts a scheduled task, it first creates a new logon session for the task, so that it can run in the security context of the account that was specified when the task was created.

Summary: lastLogonTimestamp is replicated to all DCs and is updated at most about every 14 days (minus a random percentage of up to 5%) by interactive, network and simple bind logons. This value should be used to find stale accounts, keeping in mind that it can lag the real last logon by up to 14 days.

lastLogonDate
It is a locally calculated value derived from the lastLogonTimestamp attribute by the PowerShell ActiveDirectory module. It gives us the ability to query lastLogonTimestamp in a common date format instead of a raw FILETIME integer!


How to get stale accounts?
So if you want to identify stale accounts in the domain, I would recommend using PowerShell with lastLogonDate. It covers interactive, network and service logons, and you get a human-friendly date format. Below are two queries to find user or computer accounts whose lastLogonDate is older than 90 days.

User:
# Cut-off date: anything with a lastLogonDate older than this is considered stale
$90daysAgo = (Get-Date).AddDays(-90)
# lastLogonDate is not returned by default, so it must be requested with -Properties
Get-ADUser -Properties Name,lastLogonDate -Filter {lastLogonDate -lt $90daysAgo} | Select-Object Name,lastLogonDate | Sort-Object -Property Name

Computer:
$90daysAgo = (Get-Date).AddDays(-90)
Get-ADComputer -Properties Name,lastLogonDate -Filter {lastLogonDate -lt $90daysAgo} | Select-Object Name,lastLogonDate | Sort-Object -Property Name
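When the 14-day lag of lastLogonTimestamp matters (for example before disabling an account), the non-replicated lastLogon has to be collected from every DC and the newest value kept. The following function is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module is installed and that the account name passed in (here the constructed value 'jdoe') exists.

```powershell
# Added example: compare the replicated lastLogonTimestamp with the newest
# non-replicated lastLogon value gathered from every DC in the domain.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)][string]$Identity,   # sAMAccountName or DN
        [int]$StaleDays = 90
    )

    # lastLogon is a Windows FILETIME that is never replicated, so each DC
    # has to be asked individually; keep the newest value we see.
    $newest   = 0
    $newestDc = $null
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName -Properties lastLogon
            if ($u.lastLogon -gt $newest) {
                $newest   = $u.lastLogon
                $newestDc = $dc.HostName
            }
        } catch {
            Write-Warning "Could not query $($dc.HostName): $_"
        }
    }

    # lastLogonTimestamp is replicated, so any DC will do (also a FILETIME).
    $u = Get-ADUser -Identity $Identity -Properties lastLogonTimestamp, lastLogonDate
    $lastLogonTs = if ($u.lastLogonTimestamp) { [DateTime]::FromFileTime($u.lastLogonTimestamp) } else { $null }
    $lastLogon   = if ($newest) { [DateTime]::FromFileTime($newest) } else { $null }

    [pscustomobject]@{
        Name               = $u.SamAccountName
        LastLogon          = $lastLogon        # newest across all DCs
        LastLogonSourceDC  = $newestDc
        LastLogonTimestamp = $lastLogonTs      # replicated, may lag up to 14 days
        LastLogonDate      = $u.lastLogonDate  # PowerShell's converted lastLogonTimestamp
        # Only call the account stale when the accurate value is old too
        StaleByLastLogon   = (-not $lastLogon) -or ($lastLogon -lt (Get-Date).AddDays(-$StaleDays))
    }
}

# Constructed example call; 'jdoe' is a placeholder account name
Get-TrueLastLogon -Identity 'jdoe' -StaleDays 90 | Format-List
```

A null LastLogon means no DC has ever recorded an interactive logon for the account, which is itself a useful signal when reviewing unused accounts.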

2 comments:

  1. Hm, I wonder why LastLogonTimestamp should be used for stale accounts, since that could be off by 14 days in some cases...

    I'd rather use LastLogon - takes 2-3 mins for 6 DCs in a 12k machine domain and you have the most recent dates for each machine. Especially if there are plenty of virtual machines.
