Solved

How to tell the last time a user logged in?

Posted on 2008-10-06
Last Modified: 2008-10-06
I have a user on my domain and I want to see if they logged in today and if so what time and duration.

The security logs are horrible for filtering; if that is the only option, do you have any suggestions on how to filter efficiently?
Question by:LrdKanien
3 Comments
 
LVL 1

Accepted Solution

by:
Chris Brock earned 500 total points
ID: 22654173
0
 
LVL 15

Expert Comment

by:fishadr
ID: 22654299
There is a good reference site here on last logons:
http://www.rlmueller.net/Last%20Logon.htm

Any DC (Domain Controller) in a domain can authenticate a user, and this information is not normally replicated to the other domain controllers, unless you are running Windows Server 2003 and the domain is at Windows Server 2003 functional level, in which case there is a new attribute available called lastLogonTimeStamp which is replicated to the other domain controllers. To reduce replication traffic this data is not replicated all the time and is only usually replicated if the time stamp for a user's last logon is over 14 days old. This is a quick way of identifying if an account has logged on recently.

The best method I have found is to write a script to query the lastlogon timestamp for each user object in the domain on each server and use the latest value (last logon) for each user; this can be used to produce a report. Sample scripts are available on the above website.

The JoeWare tool is good (as are his other utilities); I am not sure if it queries all the Domain Controllers or just the specified server (in which case you will have to run it against all the servers and then use the newest last logon date for each user from each server).

Either way will work and as far as I know there are no easier ways of getting this information out.
0
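The approach described in the comment above (ask every domain controller for its local lastLogon value and keep the newest), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module is available; `Get-TrueLastLogon` and `Convert-LogonFileTime` are hypothetical helper names and `jdoe` is a placeholder account.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Convert-LogonFileTime {
    # lastLogon is a FILETIME (100-ns ticks since 1601-01-01 UTC).
    # A missing value or 0 means this DC has never authenticated the user.
    param([object]$Value)
    if ($null -eq $Value -or [long]$Value -le 0) { return $null }
    return [DateTime]::FromFileTimeUtc([long]$Value)
}

function Get-TrueLastLogon {
    # Hypothetical helper: lastLogon is not replicated, so query each DC in turn.
    param([Parameter(Mandatory)][string]$SamAccountName)

    $perDc = @(foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                    -Properties lastLogon -ErrorAction Stop
            [pscustomobject]@{
                DomainController = $dc.HostName
                LastLogonUtc     = Convert-LogonFileTime $u.lastLogon
            }
        } catch {
            # A DC that does not answer makes the result a lower bound only.
            Write-Warning "No answer from $($dc.HostName): $($_.Exception.Message)"
        }
    })

    # Drop DCs with no recorded logon, then keep the most recent timestamp.
    $newest = $perDc | Where-Object LastLogonUtc |
              Sort-Object LastLogonUtc -Descending | Select-Object -First 1

    [pscustomobject]@{
        User             = $SamAccountName
        LastLogonUtc     = $newest.LastLogonUtc       # $null if no DC has a value
        DomainController = $newest.DomainController   # DC that saw the latest logon
        DCsAnswered      = $perDc.Count
    }
}

Get-TrueLastLogon -SamAccountName 'jdoe'   # 'jdoe' is a placeholder account name
```

Compare `DCsAnswered` with the number of domain controllers in the domain before trusting the result; the `DomainController` field also tells you which DC's security log holds the matching logon events.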
 

Author Comment

by:LrdKanien
ID: 22654631
I need the Last Logoff variable to be set as well but it is showing as Not set.  What can I do?
0
