
1601/01/01 of lastLogonTimeStamp attribute

I'm using lastLogonTimeStamp to track the user's last logon time with the following code:

# Search the current domain for user objects
$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$ADSearch = New-Object System.DirectoryServices.DirectorySearcher
$ADSearch.SearchRoot = "LDAP://$Domain"
$ADSearch.SearchScope = "subtree"
$ADSearch.PageSize = 100
$ADSearch.Filter = "(objectClass=user)"

# Attributes to return for each result
$properties = @("distinguishedName",
"sAMAccountName",
"mail",
"lastLogonTimeStamp")

foreach ($pro in $properties) {
    # Add() returns the new index; discard it so it does not end up in the output
    [void]$ADSearch.PropertiesToLoad.Add($pro)
}

$userObjects = $ADSearch.FindAll()
foreach ($user in $userObjects) {
    # Read the raw FILETIME value and format it as a date string
    $logon = $user.Properties.Item("lastLogonTimeStamp")[0]
    $lastLogon = [datetime]::FromFileTime($logon)
    $lastLogon = $lastLogon.ToString("yyyy/MM/dd")
    $lastLogon
}

I've gotten so far:

1601/01/01
1601/01/01
3/12/2012
1601/01/01
3/19/2015

This is not the first time I'm bloody confused about the 1601/01/01 value. I've also read the MS document about this value, and to me it's nonsense; it does not describe much what its purpose is. Not only lastLogonTimeStamp has this output; many other attributes return this as well. So my questions are:

  1. What is the purpose of this value?
  2. In this case, what should I return as a proper human-readable output? (This attribute is not valid for this user?)
Ender asked Jul 10 '17 14:07


People also ask

What does lastLogonTimeStamp mean?

Administrators can use the lastLogonTimeStamp attribute to determine if a user or computer account has recently logged onto the domain. Using this information, administrators can then review the accounts identified, determine if they are still needed, and take appropriate action.

What is the difference between last logon and lastLogonTimeStamp?

The main difference between lastLogon and lastLogonTimeStamp is that lastLogon is updated on the domain controller after the user's interactive logon, while lastLogonTimeStamp is replicated to all domain controllers in the AD forest; its default update interval is 14 days.

How accurate is lastLogonTimeStamp?

lastLogon is precise but shows when the user logged in to that specific DC and is not replicated to others. Basically, lastLogonTimeStamp is great for your purpose of finding stale objects in AD, but it is not very precise.


1 Answer

There is a known bug with the "last logon timestamp" and Windows 2016 domain controllers.

LDAP simple binds are not updating the last logon timestamp like in previous OS versions (2012, 2008). Be careful.

I spent 2 months with MS on this. A patch will be released eventually... but for now it's not fixed.

Pascal answered Oct 10 '22 20:10
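
Added example (not code from the question or the answer): a FILETIME counts 100-nanosecond intervals from 1601-01-01 UTC, so when lastLogonTimeStamp is missing, the `$null` passed to `FromFileTime` is coerced to 0 and prints as 1601/01/01. The helper name `Convert-AdFileTime` and the sample records are constructed for illustration; going slightly beyond the question, it also treats the 0 and Int64.MaxValue "never" sentinels used by other FILETIME attributes such as accountExpires as "no value".

```powershell
function Convert-AdFileTime {
    # Returns a UTC [datetime] for a real FILETIME value, or $null when the
    # attribute is absent or holds a "no value" sentinel.
    param([AllowNull()][object]$Value)

    # Attribute not set on the object: nothing to convert.
    if ($null -eq $Value) { return $null }

    $ticks = [int64]$Value
    # 0 is the FILETIME epoch (1601-01-01 UTC), not a real logon time.
    # Negative values and Int64.MaxValue would make FromFileTime throw.
    if ($ticks -le 0 -or $ticks -eq [int64]::MaxValue) { return $null }

    return [datetime]::FromFileTimeUtc($ticks)
}

# Constructed sample records standing in for DirectorySearcher results,
# so the example runs without a domain controller.
$realLogon = [datetime]::new(2015, 3, 19, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc()
$samples = @(
    @{ sAMAccountName = 'alice';   lastLogonTimeStamp = $realLogon }
    @{ sAMAccountName = 'svc-old'; lastLogonTimeStamp = $null }  # attribute absent
    @{ sAMAccountName = 'bob';     lastLogonTimeStamp = 0 }      # explicit zero
)

foreach ($u in $samples) {
    $when = Convert-AdFileTime $u.lastLogonTimeStamp
    [pscustomobject]@{
        Account   = $u.sAMAccountName
        # InvariantCulture keeps '/' from being replaced by the local date separator.
        LastLogon = if ($when) {
            $when.ToString('yyyy/MM/dd', [cultureinfo]::InvariantCulture)
        } else {
            'never / not recorded'
        }
    }
}
```

When reviewing stale accounts, read "never / not recorded" as "no timestamp stored" rather than proof of inactivity, since the answer above reports that LDAP simple binds against Windows 2016 domain controllers do not update the attribute.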