Solved

How to enumerate last logged-in user for every machine in a domain or OU using AD query?

Posted on 2007-03-30
7
744 Views
Last Modified: 2008-05-31
Is there a way to query an active directory 2003 domain and retrieve a list of who is logged in where, or alternatively, query the domain for a specific username and locate the machine that user last logged into?

For example:
A moving company moved a bunch of PCs but got mixed up when they arrived and just plugged random machines into random desks. The machines are labeled by hostname, but the users have no idea what machine belongs to who. Is there a way using an AD query to enumerate machine-name to last logged in user?

All machines are Windows XP pro
All servers are Windows 2003 standard.
0
Comment
Question by:dstynchula
7 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18826408
If you have enabled Auditing for Account logon events, go to the Security Log in Event Viewer on your Domain Controller.  Filter on event ID 680, which will give you the name of the user account and the name of the workstation that it logged on from.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18826430
If you run a wins-server, the info could be found here.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18826572
A free little management tool called DumpSec will generate several user reports including last logged on time by user:
http://www.somarsoft.com/
0
 
LVL 10

Expert Comment

by:stafi
ID: 18826739
you may use this free tool:

http://www.somarsoft.com/cgi-bin/download.pl?DumpAcl

after you download this tool you go to > report>select computer>dc ip
after you are connected go to >report>dump users as table

choose than options as needed.

0
 
LVL 10

Expert Comment

by:stafi
ID: 18826808
missed robwill somehow. this is from it pro mag

The Windows 2003 Microsoft Management Console (MMC) Active Directory Users and Computers snap-in provides access to the last logon field through the native Windows interface. Open the snap-in, right-click Saved Queries, and select New, New Query. In the New Query dialog box, enter a name such as Old accounts and click Define Query. In the Find dialog box, make sure Common Queries is selected in the Find drop-down list. Then enter 30 in the Days since last logon field and click OK twice to close the dialog boxes.

Windows will now search the domain and display a list of all the user accounts that haven’t logged on in the past 30 days. The only problem with this method is that Windows doesn’t let you filter out disabled accounts, so you’ll see disabled accounts in addition to dormant accounts that you might still need to disable.


0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826885
Thanks for the responses guys, due to the industry this client is in they have very stringent rules on third party software, I was hoping to find a solution in the Active Directory Users and Computers MMC => Saved Queries.
Stafi: you're answer is closer to what I'm looking for, except not all of the machines are 30 days old. I was hoping someone knew of a query-foo way to get to the objComputer.UserName.

Any ideas?
0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826900
Laura, Thanks for the help!
0

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now