Solved

How to enumerate last logged-in user for every machine in a domain or OU using AD query?

Posted on 2007-03-30
7
766 Views
Last Modified: 2008-05-31
Is there a way to query an active directory 2003 domain and retrieve a list of who is logged in where, or alternatively, query the domain for a specific username and locate the machine that user last logged into?

For example:
A moving company moved a bunch of PCs but got mixed up when they arrived and just plugged random machines into random desks. The machines are labeled by hostname, but the users have no idea what machine belongs to who. Is there a way using an AD query to enumerate machine-name to last logged in user?

All machines are Windows XP pro
All servers are Windows 2003 standard.
0
Comment
Question by:dstynchula
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18826408
If you have enabled Auditing for Account logon events, go to the Security Log in Event Viewer on your Domain Controller.  Filter on event ID 680, which will give you the name of the user account and the name of the workstation that it logged on from.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18826430
If you run a wins-server, the info could be found here.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18826572
A free little management tool called DumpSec will generate several user reports including last logged on time by user:
http://www.somarsoft.com/
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 10

Expert Comment

by:stafi
ID: 18826739
you may use this free tool:

http://www.somarsoft.com/cgi-bin/download.pl?DumpAcl

after you download this tool you go to > report>select computer>dc ip
after you are connected go to >report>dump users as table

choose than options as needed.

0
 
LVL 10

Expert Comment

by:stafi
ID: 18826808
missed robwill somehow. this is from it pro mag

The Windows 2003 Microsoft Management Console (MMC) Active Directory Users and Computers snap-in provides access to the last logon field through the native Windows interface. Open the snap-in, right-click Saved Queries, and select New, New Query. In the New Query dialog box, enter a name such as Old accounts and click Define Query. In the Find dialog box, make sure Common Queries is selected in the Find drop-down list. Then enter 30 in the Days since last logon field and click OK twice to close the dialog boxes.

Windows will now search the domain and display a list of all the user accounts that haven’t logged on in the past 30 days. The only problem with this method is that Windows doesn’t let you filter out disabled accounts, so you’ll see disabled accounts in addition to dormant accounts that you might still need to disable.


0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826885
Thanks for the responses guys, due to the industry this client is in they have very stringent rules on third party software, I was hoping to find a solution in the Active Directory Users and Computers MMC => Saved Queries.
Stafi: you're answer is closer to what I'm looking for, except not all of the machines are 30 days old. I was hoping someone knew of a query-foo way to get to the objComputer.UserName.

Any ideas?
0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826900
Laura, Thanks for the help!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question