Where does Directory and Resource Administrator get the timestamp for the 'Last Bad Password' field? (NETIQKB36301)

  • 7736301
  • 02-Feb-2007
  • 19-Jun-2007

Resolution

goal
Where does Directory and Resource Administrator get the timestamp for the 'Last Bad Password' field?

fact
Directory and Resource Administrator 6.x

fact
Directory and Resource Administrator 7.x

fix

The timestamp displayed in the Last Bad Password field, along with 4 additional properties on the Statistics tab, are retrieved from the domain controller that Directory and Resource Administrator (DRA) binds to.

The following 4 properties are retrieved by Directory and Resource Administrator (DRA) from the domain controller.  The following information is replicated by Active Directory to all domain controllers:

  • logonCount:   Number of logos Authenticated
  • badPasswordTime:   Last Bad Password
  • badPwdCount:   Incorrect Password Attempts
  • pwdLastSet:  Password last changed

The timestamp for the Last logon is held on each domain controller and is gathered by the DRA agents service.  Thus, in order to view the Last logon timestamp, the DRA Agent must be installed on all domain controllers.

This issue is resolved in Directory and Resource Administrator (DRA) 7.5 and later. Upgrade to the latest version of DRA to resolve this problem.



note

The timestamp displayed for the BadPasswordTime property is the GMT time of the DC that the user was trying to authenticate to when he incorrectly entered the password.   The web console in DRA 7.0 and in 6.6  did not convert the time to the local time of the client machine while the GUI interface does.

In DRA 7.5 the 32-bit GUI and the web console display the time stamp in the same format.



Additional Information

Formerly known as NETIQKB36301