I am looking at the attributes of a Mac computer that has been joined to our Active Directory domain to figure out not only which attributes are populated at the time of joining/binding, but also which ones will change/updated as it lives and authenticates in AD? I currently see ~31 attributes that have values but I am particularly interested in the attributes that have date/time values since it is those attributes that help determine whether a computer is still active/authenticating with AD. Here is a list of some of those attributes:
dSCorePropagationData
lastLogon
lastLogonTimeStamp
pwdLastSet
whenChanged
whenCreated
I am also investigating why some Mac systems populate the operatingSystem and operatingSystemVersion attributes while others do not? Perhaps its the version of Mac OS but I'm just getting started with figuring this out so I'm just hoping someone can help fill in the blanks. It is also my understanding that the default for Mac OS X to change it's AD computer object password, is every 14 days which I'm assuming will be reflected in the pwdLastSet attribute?
