Link to home
Start Free TrialLog in
Avatar of cmarandi
cmarandiFlag for United States of America

asked on

OWA Last Login Time

In our network, we have a bunch of users who only use OWA.  They never login to the network.
They are in the AD, but when I query for inactive accounts, I only get the last login time to the network, which would not be true if they only use OWA.
So I thought, how about last logon to the exchange box; well that's a problem, because our backups are the last login accounts.
So, is there anyway I can querry for the last OWA login time of the users?
Maybe something in IIS?
I'm trying to clear AD of inactive accounts.
Avatar of ryansoto
Flag of United States of America image

Avatar of cmarandi


Yeah... I thought of going this route with the log files... I have TriGeo ( to read log files... but i was hoping there was something easier to use like ADManager....
Is there any querryable  comamnds?  such as dsquery?
That way I can query per user instead of trying to decipher.
I'll keep the question open if anyone has ran into this issue, I'd like some more inputs.

Also, is this best practice for OWA?  Do I have to do an AD account for each Exchange user, even though they never login to the account?
Yes you need to have an AD account to attach a mailbox to.
Again they are logging into active directory when they log into OWA.
This may help a little...It adds another tab in ADUC showing some good info
I thought it did authenticate against AD, but I tested it yesterday by creating an account and only connecting to OWA and the ADManager didn't see it against the AD.

But then later on, I thought of another issue that I had forgotten... I'm in 2000 mode and not in 2003, and I ran the ADManager against the whole domain.

I had forgotten that in 2000 mode, I can only get the lastlogin stamp from the controller and not the domain... it's in 2003 that it replicates the data against the whole AD.

Since my OWA is on one domain controller, I should be able to run it against just that DC and see it.
So, let me finish up my test with just the DC and I'll let you know.

Nope that didn't work
It just doesn't change the lastlogin stamp on the domain.
In the event viewer I see the login, but that's it.
I'm trying to see users who didn't login the last 30 days to OWA
My event viewer, although is set at 250MB cannot go that far back.  I get maybe 3 days.
I added the dll, you recommended too... same thing... since the variable for lastlogin isn't changing, neither is the Additional Account Info tab.

I did find an IIS log .. I'll look at that now..
Any other ideas?
The IIS file shows logins, but it's one log file for each day!
Any log file parsers that can merge the last 30 days of files and give me results?
I can search for users from the AD list of inactive.
I just need to confirm that the AD Inactive accounts, really have NOT logged into OWA.
Avatar of ryansoto
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SO ended up using TXTColelctor to merge 30 log files making a 600MB file.
Notepad & Wordpad crap out and MS Word caps out at 512MB, so I used TextPad (I love that software) and got what I need done.

What a turnabout way of doing things...

Once I get my TriGeo fully up and running, it better provide the log info I need.

Thanks for the help.