diff --git a/source/_posts/2025-01-12.md b/source/_posts/2025-01-12.md
new file mode 100644
index 0000000..1076188
--- /dev/null
+++ b/source/_posts/2025-01-12.md
@@ -0,0 +1,6 @@
+---
+title: Event 5136 does not record logon time
+date: 2025-01-12
+---
+
+Every successful logon is recorded in [Event 4624](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624) but does [not necessarily](https://learn.microsoft.com/en-us/archive/technet-wiki/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate) update the [`lastLogonTimestamp`](https://learn.microsoft.com/en-us/windows/win32/adschema/a-lastlogontimestamp) attribute (nor its human-friendly version `LastLogonDate`). Even when it gets updated (after [`ms-DS-Logon-Time-Sync-Interval`](https://techcommunity.microsoft.com/blog/askds/8220the-lastlogontimestamp-attribute8221-8211-8220what-it-was-designed-for-and-h/396204) minus a random percentage of 5 has passed), [Event 5136](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=5136) (a directory service object was modified) will not capture it.