the last logon timestamp for a user

' This VBScript code prints the last logon timestamp for a user.

' ---------------------------------------------------------------
' From the book "Active Directory Cookbook" by Robbie Allen
' ISBN: 0-596-00466-4
' ---------------------------------------------------------------

' ------ SCRIPT CONFIGURATION ------
strUserDN="cn=username, ou=usrou, dc=name01.pa.domain, dc=org"  

' ------ END CONFIGURATION ---------

set objUser = GetObject("LDAP://" & strUserDN)
set objLogon = objUser.Get("lastLogonTimestamp")
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#

I tried using the above VB script I found on the internet and tried to use it to get the last time a given user logged into the domain, this way I can find out if I can change the password on the user without risking it might be used somewhere.

My Domain is pretty big we have a main domain with several child domains to it

When I run the script this is what I get

Line:13
Char:1
Error: A referral was returned from the server
Code: 8007202B
Source: (null)

Thanks

error.jpg
IT_ResourceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

exx1976Commented:
What is all that mess??  Nice book..   LOL


To get the last logon for a user, just use the code below.  Note that there are NO SPACES in the DN (line 1)...

Enjoy!
strUserDN="cn=username,ou=usrou,dc=name01.pa.domain,dc=org"  
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IT_ResourceAuthor Commented:
i'm getting the same error using the above code
question
where would it be the safe to run this script from? on the DC or WS?
0
rejoinderCommented:
Can you please double check that your distinguished name is pointing to the correct domain.  I have seen 8007202B errors before and usually it cannot find the correct domain.
For instance in your example you had;
strUserDN="cn=username, ou=usrou, dc=name01.pa.domain, dc=org"  
Try this instead;
strUserDN="CN=username,OU=userou,DC=PA,DC=domain,DC=org"
My gut tells me the error is in the domain or DC section of your code.
For the best results, open the AD snap-in tool.  CHange the view to advanced.  Right click a user and view the properties.  Go to the Object tab and you will see the users DN info.  The domain name will be xxx.yyy.zzz/ou/ou/user  You need to code it so that the order is CN (users name), OU (start with the OU closest to the user and work your way back to the domain), then DC (break each section out in left to right order DC=xxx,DC=yyy,DC=zzz)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

exx1976Commented:
From anywhere in the domain, as long as the user running it has permissions to read those attributes from AD.

Please paste the exact line that's giving you an error.
0
exx1976Commented:
D'oh!   Yeah, I missed that..

You have to have the correct DN in order for this to work.

LOL

Good catch rejoinder
0
IT_ResourceAuthor Commented:
ok let's try this a little different
here is what I get on the Object tab

pa.domain.org/ABC/ABC Conversion

if I pulg that in shoudn't it look like this:

strUserDN="cn=ABC Conversion,ou=ABC,dc=pa.domain,dc=org"  
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

well if that's right it's still giving me the same error

0
rejoinderCommented:
Make it look like this;
strUserDN="cn=ABC Conversion,ou=ABC,dc=pa,dc=domain,dc=org"  
0
exx1976Commented:
Nope.  Use this


strUserDN = "CN=ABC Conversion,OU=ABC,DC=pa,DC=domain,DC=org"
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0
IT_ResourceAuthor Commented:
WTF!!!
check what I get... lol...
vb2.jpg
0
exx1976Commented:
Ok, what is line 3?  Are there only 3 lines in the vbs file you're using?  Please post line 3.

Most likely there's a fatfinger in the DN..
0
IT_ResourceAuthor Commented:
set objUser = GetObject("LDAP://" & strUserDN)
0
rejoinderCommented:
If that line is the 3rd line then we have to go back to the distinguished name you are entering above.
Basically the script cannot find the user name you are entering.  Perhaps there is a longer OU path tha is missing?  If so, please come clean and lets see the users full path so we can help sort this out.
0
IT_ResourceAuthor Commented:
let me show you
pic.jpg
0
rejoinderCommented:
Great - so I take it your script looks exactly like this...
If the script still does not work, then the OU PGM may be a container rather than an OU in which case you would need to use this as line 1;
strUserDN = "CN=PGM Conversion,CN=PGM,DC=na,DC=bpww,DC=org"
strUserDN = "CN=PGM Conversion,OU=PGM,DC=na,DC=bpww,DC=org"
set objUser = GetObject("LDAP://" & strUserDN)
wscript.echo objUser.lastlogin

Open in new window

0
exx1976Commented:
strUserDN = "CN=PGM Conversion,OU=PGM,DC=na,DC=bpww,DC=org"

Use that.
0
IT_ResourceAuthor Commented:
ok it's getting better
here is what I'm getting

onemore.jpg
0
exx1976Commented:
That means the account has never logged on...   ??
0
IT_ResourceAuthor Commented:
Rock on.
you guys are good at this.
how would you say it's fair to split some points here?
0
rejoinderCommented:
Hey this is all exx1976's script, I'd be happy with anything :-)
0
IT_ResourceAuthor Commented:
Keep it up guys
Good Work
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.