Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

the last logon timestamp for a user

Posted on 2008-11-14
20
Medium Priority
?
966 Views
Last Modified: 2012-05-05
' This VBScript code prints the last logon timestamp for a user.

' ---------------------------------------------------------------
' From the book "Active Directory Cookbook" by Robbie Allen
' ISBN: 0-596-00466-4
' ---------------------------------------------------------------

' ------ SCRIPT CONFIGURATION ------
strUserDN="cn=username, ou=usrou, dc=name01.pa.domain, dc=org"  

' ------ END CONFIGURATION ---------

set objUser = GetObject("LDAP://" & strUserDN)
set objLogon = objUser.Get("lastLogonTimestamp")
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#

I tried using the above VB script I found on the internet and tried to use it to get the last time a given user logged into the domain, this way I can find out if I can change the password on the user without risking it might be used somewhere.

My Domain is pretty big we have a main domain with several child domains to it

When I run the script this is what I get

Line:13
Char:1
Error: A referral was returned from the server
Code: 8007202B
Source: (null)

Thanks

error.jpg
0
Comment
Question by:IT_Resource
  • 8
  • 7
  • 5
20 Comments
 
LVL 18

Accepted Solution

by:
exx1976 earned 1600 total points
ID: 22962960
What is all that mess??  Nice book..   LOL


To get the last logon for a user, just use the code below.  Note that there are NO SPACES in the DN (line 1)...

Enjoy!
strUserDN="cn=username,ou=usrou,dc=name01.pa.domain,dc=org"  
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0
 

Author Comment

by:IT_Resource
ID: 22963093
i'm getting the same error using the above code
question
where would it be the safe to run this script from? on the DC or WS?
0
 
LVL 14

Assisted Solution

by:rejoinder
rejoinder earned 400 total points
ID: 22963282
Can you please double check that your distinguished name is pointing to the correct domain.  I have seen 8007202B errors before and usually it cannot find the correct domain.
For instance in your example you had;
strUserDN="cn=username, ou=usrou, dc=name01.pa.domain, dc=org"  
Try this instead;
strUserDN="CN=username,OU=userou,DC=PA,DC=domain,DC=org"
My gut tells me the error is in the domain or DC section of your code.
For the best results, open the AD snap-in tool.  CHange the view to advanced.  Right click a user and view the properties.  Go to the Object tab and you will see the users DN info.  The domain name will be xxx.yyy.zzz/ou/ou/user  You need to code it so that the order is CN (users name), OU (start with the OU closest to the user and work your way back to the domain), then DC (break each section out in left to right order DC=xxx,DC=yyy,DC=zzz)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 18

Expert Comment

by:exx1976
ID: 22963289
From anywhere in the domain, as long as the user running it has permissions to read those attributes from AD.

Please paste the exact line that's giving you an error.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22963301
D'oh!   Yeah, I missed that..

You have to have the correct DN in order for this to work.

LOL

Good catch rejoinder
0
 

Author Comment

by:IT_Resource
ID: 22963445
ok let's try this a little different
here is what I get on the Object tab

pa.domain.org/ABC/ABC Conversion

if I pulg that in shoudn't it look like this:

strUserDN="cn=ABC Conversion,ou=ABC,dc=pa.domain,dc=org"  
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

well if that's right it's still giving me the same error

0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22963474
Make it look like this;
strUserDN="cn=ABC Conversion,ou=ABC,dc=pa,dc=domain,dc=org"  
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22963477
Nope.  Use this


strUserDN = "CN=ABC Conversion,OU=ABC,DC=pa,DC=domain,DC=org"
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0
 

Author Comment

by:IT_Resource
ID: 22963512
WTF!!!
check what I get... lol...
vb2.jpg
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22963531
Ok, what is line 3?  Are there only 3 lines in the vbs file you're using?  Please post line 3.

Most likely there's a fatfinger in the DN..
0
 

Author Comment

by:IT_Resource
ID: 22963567
set objUser = GetObject("LDAP://" & strUserDN)
0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22963598
If that line is the 3rd line then we have to go back to the distinguished name you are entering above.
Basically the script cannot find the user name you are entering.  Perhaps there is a longer OU path tha is missing?  If so, please come clean and lets see the users full path so we can help sort this out.
0
 

Author Comment

by:IT_Resource
ID: 22963669
let me show you
pic.jpg
0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22963796
Great - so I take it your script looks exactly like this...
If the script still does not work, then the OU PGM may be a container rather than an OU in which case you would need to use this as line 1;
strUserDN = "CN=PGM Conversion,CN=PGM,DC=na,DC=bpww,DC=org"
strUserDN = "CN=PGM Conversion,OU=PGM,DC=na,DC=bpww,DC=org"
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0
 
LVL 18

Expert Comment

by:exx1976
ID: 22963803
strUserDN = "CN=PGM Conversion,OU=PGM,DC=na,DC=bpww,DC=org"

Use that.
0
 

Author Comment

by:IT_Resource
ID: 22963848
ok it's getting better
here is what I'm getting

onemore.jpg
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22963896
That means the account has never logged on...   ??
0
 

Author Comment

by:IT_Resource
ID: 22963930
Rock on.
you guys are good at this.
how would you say it's fair to split some points here?
0
 
LVL 14

Expert Comment

by:rejoinder
ID: 22963940
Hey this is all exx1976's script, I'd be happy with anything :-)
0
 

Author Closing Comment

by:IT_Resource
ID: 31516919
Keep it up guys
Good Work
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
This article describes how to use a set of graphical playing cards to create a Draw Poker game in Excel or VB6.
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
Suggested Courses
Course of the Month13 days, 11 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question