?
Solved

WinNT "True Last Logon" script

Posted on 2010-08-19
4
Medium Priority
?
1,161 Views
Last Modified: 2013-12-24
Hi,
ive been playing around with this script for finding the "true last logon" from active directory using LDAP to query all the DC. It works really well and i think i get it all
http://www.rlmueller.net/Programs/LastLogon.txt

However, i want to use this on some of our old legacy domains, so i assume i have to modify this section to work on WinNT, rather then LDAP? altho i have no idea, so im not sure if its even possible or if im looking at this the correct way? Do legacy domains also have multiple Domain controllers?!
I dont log into the legacy domain, as my RootDSE either
The Legacy domain is called old-xx

Set objRootDSE = GetObject("LDAP://RootDSE")

strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory for ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

strBase = "<LDAP://" & strConfig & ">"
strFilter = "(objectClass=nTDSDSA)"
strAttributes = "AdsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"


i found this script, however i wasnt sure if this was going to correctly give me a list back of all the different DC on NT4?
Sub PullAllDomains()
    Dim objNameSpace
    Dim Domain

    Set objNameSpace = GetObject("WinNT://ADE-CH")
    For Each Domain In objNameSpace
       MsgBox Domain.Name
    Next
  End Sub

nb. im writing this in Excel 2003 vb, as i need the results kicked back into an excel file for further analysis
0
Comment
Question by:jamiepryer
  • 2
  • 2
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 33477158
That won't work in an NT4 domain. Easiest workaround: download DumpSec (http://www.systemtools.com/somarsoft/index.html), go to "Reports > Dump Users ...", add "Last Logon Time" to the selected fields, and check the box "Show 'true' last logon time".
You can run it remotely against a DC by setting the server under "Report > Select Computer ..."
You can then save the dump as tab separated file and open it in Excel.
0
 

Author Comment

by:jamiepryer
ID: 33477276
thanks, will check that out

can you explian why this wont work?
I just want to pump all my user information out from all my domains into an array and then i can work out the proper last logon
0
 
LVL 85

Expert Comment

by:oBdA
ID: 33477369
Because NT4 doesn't have LDAP or an AD provider.
Note that you can generate the report from the command line as well if you plan to do this on a regular basis against several domains; Help > Contents explains the command line options.
0
 

Author Comment

by:jamiepryer
ID: 33482855
so with NT4 domains, you cant run a WinNT script to get the information?

Ive got a script that pulls all teh user information, however ive been told that lastlogin doesnt replicate around all the DC's, so this is why i need to collect information for each user for each domain.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question