Solved

How to enumerate last logged-in user for every machine in a domain or OU using AD query?

Posted on 2007-03-30
7
761 Views
Last Modified: 2008-05-31
Is there a way to query an active directory 2003 domain and retrieve a list of who is logged in where, or alternatively, query the domain for a specific username and locate the machine that user last logged into?

For example:
A moving company moved a bunch of PCs but got mixed up when they arrived and just plugged random machines into random desks. The machines are labeled by hostname, but the users have no idea what machine belongs to who. Is there a way using an AD query to enumerate machine-name to last logged in user?

All machines are Windows XP pro
All servers are Windows 2003 standard.
0
Comment
Question by:dstynchula
7 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18826408
If you have enabled Auditing for Account logon events, go to the Security Log in Event Viewer on your Domain Controller.  Filter on event ID 680, which will give you the name of the user account and the name of the workstation that it logged on from.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 18826430
If you run a wins-server, the info could be found here.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18826572
A free little management tool called DumpSec will generate several user reports including last logged on time by user:
http://www.somarsoft.com/
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 10

Expert Comment

by:stafi
ID: 18826739
you may use this free tool:

http://www.somarsoft.com/cgi-bin/download.pl?DumpAcl

after you download this tool you go to > report>select computer>dc ip
after you are connected go to >report>dump users as table

choose than options as needed.

0
 
LVL 10

Expert Comment

by:stafi
ID: 18826808
missed robwill somehow. this is from it pro mag

The Windows 2003 Microsoft Management Console (MMC) Active Directory Users and Computers snap-in provides access to the last logon field through the native Windows interface. Open the snap-in, right-click Saved Queries, and select New, New Query. In the New Query dialog box, enter a name such as Old accounts and click Define Query. In the Find dialog box, make sure Common Queries is selected in the Find drop-down list. Then enter 30 in the Days since last logon field and click OK twice to close the dialog boxes.

Windows will now search the domain and display a list of all the user accounts that haven’t logged on in the past 30 days. The only problem with this method is that Windows doesn’t let you filter out disabled accounts, so you’ll see disabled accounts in addition to dormant accounts that you might still need to disable.


0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826885
Thanks for the responses guys, due to the industry this client is in they have very stringent rules on third party software, I was hoping to find a solution in the Active Directory Users and Computers MMC => Saved Queries.
Stafi: you're answer is closer to what I'm looking for, except not all of the machines are 30 days old. I was hoping someone knew of a query-foo way to get to the objComputer.UserName.

Any ideas?
0
 
LVL 1

Author Comment

by:dstynchula
ID: 18826900
Laura, Thanks for the help!
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question