Solved

How to enumerate last logged-in user for every machine in a domain or OU using AD query?

Posted on 2007-03-30
7
752 Views
Last Modified: 2008-05-31
Is there a way to query an active directory 2003 domain and retrieve a list of who is logged in where, or alternatively, query the domain for a specific username and locate the machine that user last logged into?

For example:
A moving company moved a bunch of PCs but got mixed up when they arrived and just plugged random machines into random desks. The machines are labeled by hostname, but the users have no idea what machine belongs to who. Is there a way using an AD query to enumerate machine-name to last logged in user?

All machines are Windows XP pro
All servers are Windows 2003 standard.
0
Comment
Question by:dstynchula
7 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18826408
If you have enabled Auditing for Account logon events, go to the Security Log in Event Viewer on your Domain Controller.  Filter on event ID 680, which will give you the name of the user account and the name of the workstation that it logged on from.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18826430
If you run a wins-server, the info could be found here.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18826572
A free little management tool called DumpSec will generate several user reports including last logged on time by user:
http://www.somarsoft.com/
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 10

Expert Comment

by:stafi
ID: 18826739
you may use this free tool:

http://www.somarsoft.com/cgi-bin/download.pl?DumpAcl

after you download this tool you go to > report>select computer>dc ip
after you are connected go to >report>dump users as table

choose than options as needed.

0
 
LVL 10

Expert Comment

by:stafi
ID: 18826808
missed robwill somehow. this is from it pro mag

The Windows 2003 Microsoft Management Console (MMC) Active Directory Users and Computers snap-in provides access to the last logon field through the native Windows interface. Open the snap-in, right-click Saved Queries, and select New, New Query. In the New Query dialog box, enter a name such as Old accounts and click Define Query. In the Find dialog box, make sure Common Queries is selected in the Find drop-down list. Then enter 30 in the Days since last logon field and click OK twice to close the dialog boxes.

Windows will now search the domain and display a list of all the user accounts that haven’t logged on in the past 30 days. The only problem with this method is that Windows doesn’t let you filter out disabled accounts, so you’ll see disabled accounts in addition to dormant accounts that you might still need to disable.


0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826885
Thanks for the responses guys, due to the industry this client is in they have very stringent rules on third party software, I was hoping to find a solution in the Active Directory Users and Computers MMC => Saved Queries.
Stafi: you're answer is closer to what I'm looking for, except not all of the machines are 30 days old. I was hoping someone knew of a query-foo way to get to the objComputer.UserName.

Any ideas?
0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826900
Laura, Thanks for the help!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cannot create more new mailboxes EX2013 2 35
active directory 6 76
Change AD password via MS Access DB 2 20
Can't a Exchange 2010 snap-in in PowerShell script 25 15
Learn about cloud computing and its benefits for small business owners.
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now