Solved

Last logged on time

Posted on 2011-09-16
Last Modified: 2012-06-27
Hi guys,
We would like to achieve the following 2 tasks.

1) The last date/time a user has logged on to our domain.
We have around 150 domain controllers in a 2003 AD domain.

2) Find out what domain administrators have not logged on with their account in the last 6 months.

Any help on finding this out would be much appreciated.
Question by:Simon336697
4 Comments
 
LVL 57

Accepted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 36553178
You can use the lastlogontimestamp variable and a tool called adfind by Joe Richards.

I have an example here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24724528.html

Lastlogon timestamp is accurate between 9-14 days.

A nice free GUI AD tool for reporting is adinfo: http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html

I'm off to bed but hopefully those help some.

Thanks

Mike
0
 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 166 total points
ID: 36553956
Oldcmp from Joe Richards, the author of ADFind, will produce a report of accounts that haven't been used in X number of days.

Be aware that if you want the absolute accurate last login for a user in the last, say, 2 days, you will have to use the lastLogon attribute, which is NOT replicated. You will have to query all DCs to be sure.

http://blogs.technet.com/b/heyscriptingguy/archive/2010/01/27/dandelions-vcr-clocks-and-last-logon-times-these-are-a-few-of-our-least-favorite-things.aspx

Code to get lastLogon info from all domain controllers and output the most recent time

http://blogs.msdn.com/b/alejacma/archive/2009/03/12/how-to-get-lastlogon-property-for-all-users-in-a-domain-vbscript.aspx
0
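An added example, not part of the original answers or of any tool named in this thread: the merge step needed when lastLogon is collected from every domain controller, followed by the 6-month check from the question. It assumes the raw lastLogon values per DC have already been gathered (for instance with adfind); the account names, DC names and timestamps are constructed, and "6 months" is taken as 180 days.

```python
from datetime import datetime, timedelta, timezone

# AD stores lastLogon / lastLogonTimestamp as FILETIME:
# 100-nanosecond ticks since 1601-01-01 UTC. 0 (or unset) means "never".
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(raw):
    """Convert a raw FILETIME value to an aware datetime, or None for never."""
    if not raw or int(raw) <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(raw) // 10)

def dt_to_filetime(dt):
    """Helper used only to build the constructed sample data below."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def true_last_logon(per_dc):
    """per_dc maps DC name -> raw lastLogon. Return (newest datetime, DC)."""
    best = (None, None)
    for dc, raw in per_dc.items():
        when = filetime_to_dt(raw)
        if when is not None and (best[0] is None or when > best[0]):
            best = (when, dc)
    return best

def stale_accounts(records, now, max_age_days=180):
    """Return accounts whose newest logon on any DC is older than the cutoff.
    Accounts that never logged on anywhere are reported as stale too."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for account, per_dc in records.items():
        when, _dc = true_last_logon(per_dc)
        if when is None or when < cutoff:
            stale.append(account)
    return sorted(stale)

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample: three admin accounts as seen by different DCs.
NOW = _utc(2011, 9, 16)
SAMPLE = {
    "adm-alice": {"DC01": 0, "DC02": dt_to_filetime(_utc(2011, 9, 10)),
                  "DC03": dt_to_filetime(_utc(2011, 3, 1))},
    "adm-bob":   {"DC01": dt_to_filetime(_utc(2010, 12, 1)), "DC02": 0},
    "adm-carol": {"DC01": 0, "DC02": 0},
}

if __name__ == "__main__":
    for name in stale_accounts(SAMPLE, NOW):
        print(name, true_last_logon(SAMPLE[name]))
```

Reading only DC01 or DC03 would wrongly flag adm-alice as never or long-since logged on, which is why the newest value across all DCs is taken before applying the cutoff.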
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 167 total points
ID: 36555562
You can use the third-party software True Last Logon 2.9. You can export the file to Excel for report creation. You can use the trial version; this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attributes etc)

Refer to the link below for the trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
0
 
LVL 1

Author Closing Comment

by:Simon336697
ID: 36946200
Thanks so much guys, sorry about the delay.
0
