SCCM 2007 R2 Failed to get following optional attributes lastLogonTimestamp
Hi everybody,
I have a problem with the AD system discovery. I have added the attribute lastLogonTimestamp, but for a lot of machines SCCM fails to retrieve the attribute from the computer account. A value exists in the computer account in AD DS for those machines. In
the adsysdis.log I can see the following messages:
INFO: discovered object with ADsPath = 'LDAP://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
WARN: Could not get property (domain) for system (0x80005010)
WARN: Failed to get following optional attributes lastLogonTimestamp
What can cause this?
August 1st, 2012 8:02am
What domain level is your AD domain at?
Do you have multiple AD domains?Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 9:11am
Hi Jason, my domain functional level is server 2003, I have a root domain with 2 child domains.
August 1st, 2012 9:15am
Are all three domains at this level?
Have you looked in AD to verify the attribute is populated for those objects?Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 11:10am
Hi Jason,
Yes they are all three at the Server 2003 functional level, domain and forest. The attributes are also populated. Anything else I could try or check?
August 1st, 2012 12:57pm
this hotfix may be relevant:
http://support.microsoft.com/kb/2345551Don
Free Windows Admin Tool Kit Click here and download it now
August 1st, 2012 8:05pm
this hotfix may be relevant:
http://support.microsoft.com/kb/2345551Don
August 1st, 2012 8:10pm
When you say the attributes are populated, have you checked the objects specifically listed with the warnings from adsysdis.log?
Also, forgot to mention that the first warning, "WARN: Could not get property (domain) for system (0x80005010)", is a known issue and is ignorable as it has zero ramifications.Jason | http://blog.configmgrftw.com
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 7:32pm
When you say the attributes are populated, have you checked the objects specifically listed with the warnings from adsysdis.log?
Also, forgot to mention that the first warning, "WARN: Could not get property (domain) for system (0x80005010)", is a known issue and is ignorable as it has zero ramifications.Jason | http://blog.configmgrftw.com
August 9th, 2012 7:32pm
Does the computer account have the necessary permissions to query this attribute from AD? Maybe clients reside on a secured OU.
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2012 7:54pm
How can I verify this exactly?
August 17th, 2012 3:39am
Activate the advanced properties in AD Users and Computers and view the OU security settings.
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2012 11:41pm