Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

Can I query for what times a user authenticated against AD using DSQUERY?

Can I query for what times a user authenticated against AD using DSQUERY?  I'm running in mixed mode.
0
instaIT
Asked:
instaIT
  • 2
1 Solution
 
R_JanssenCommented:
Yep,
Example:
dsquery * "cn=Bill Gates,ou=test,dc=microdomain,dc=com" -scope base -attr
lastLogonTimestamp
 
0
 
Chris DentPowerShell DeveloperCommented:

That won't be entirely accurate. The attribute is described here:

http://msdn.microsoft.com/en-us/library/ms676824.aspx

And discussed here:

http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx

Which tells us that the attribute above may be off by as much as 14 days.

So it's great, depending on how accurate you need / want to be.

Chris
0
 
instaITAuthor Commented:
Is there a way to see the history over a period of time rather than just the last logon stamp?
0
 
Chris DentPowerShell DeveloperCommented:

Nope, both lastLogon and lastLogonTimeStamp are single value attributes.

Basically, if you want a history you'd have to write something to maintain it, perhaps something through a logon script?

It would be possible to do it on the server side, but for accuracy you'll need the lastLogon attribute. The problem is, that one isn't replicated, which means you have to check every DC in your environment to get the actual value. That would be painful if it were required of a regular basis.

Chris
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now