Resolution
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
fact
Enterprise Administrator 5.00.02
symptom
Last logon information is not accurate when a user logs in using a RAS session.
cause
The cause of this issue is that Windows does not generate a timestamp on a Domain Controller when the user logs in using a RAS session.
fix
This is by design. Directory and Resource Administrator (DRA) can only gather logon statistics for user accounts that are actually recorded on the domain controller.
note
The issue is due to Microsoft not generating a timestamp on a domain Controller when a user logs on during a RAS session or Dial up Session. In this situation, no timestamp is generated on a DC , therefore neither Enterprise Administrator or DRA has anything to gather on the DC to report on.
For example, assume you are using VPN sessions and Windows 98 clients to connect to the domain. When a user logs on through a VPN session, using the Win98 clients, a last logon timestamp is not generated on a DC. VPN connections with a 98 client are similar to RAS into a server. The VPN simply authenticates the account and the user never truly logs on to the domain. Hence, a timestamp is never created on a DC.
Information regarding VPN can be found at http://www.microsoft.com/TechNet/win2000/vpninter.asp
A typical troubleshooting technique is to use the Usrstat utility with the NT Resource Kit. This utility displays logon stats per DC. Have the user log in with the VPN session and 98 clients, or via the dial-up, and check to see if a timestamp is generated on a DC for that user.