LrdKanien
asked on
How to tell the last time a user logged in?
I have a user on my domain and I want to see if they logged in today and if so what time and duration.
The security logs are horrible for filtering, if that is the only option do you have any suggestions on how to filter efficiently?
The security logs are horrible for filtering, if that is the only option do you have any suggestions on how to filter efficiently?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I need the Last Logoff variable to be set as well but it is showing as Not set. What can I do?
http://www.rlmueller.net/Last%20Logon.htm
Any DC (Domain Controller) in a domain can authenticate a user and this information is not normally replicated to the other domain controllers - unless you are running Windows Server 2003 and the domain is at Windows Server 2003 functional level in which case there is a new attribute available called lastLogonTimeStamp which is replicated to the other domain controllers. To reduce replication traffic this data is not replicated all the time and is only usually replicated if the time stamp for a users last logon is over 14 days old. This is a quick way of identifying if an account has logged on recently.
The best method I have found is to write a script to query the lastlogon timestamp for each user object in the domain on each server and use the latest value (last logon) for each user and this can be used to produce a report - Sample scripts are available on the above website.
The JoeWare tools is good (as are his other utilities), I am not sure if it queries all the Domain Controllers or just the specified server (in which case you will have to run it against all the servers and then use the newest last logon date for each user from each servers)
Either way will work and as far as I know there are no easier ways of getting this information out.