Solved

Last logged on time

Posted on 2011-09-16
4
485 Views
Last Modified: 2012-06-27
Hi guys,
We would like to achieve the following 2 tasks.

1)the last date/time a user has logged on to our domain.
We have around 150 domain controllers in a 2003 AD domain.

2)find out what domain administrators have not logged on with their account in the last 6 months.

Any help on finding this out would be much appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 36553178
You can use the lastlogontimestamp variable and a tool called adfind by Joe Richards

I have an example here   http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24724528.html

Lastlogon timestamp is accurate between 9-14 days

A nice free GUI AD tool for reporting is adinfo  http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html

I'm off to bed but hopefully those help some.

Thanks

Mike
0
 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 166 total points
ID: 36553956
Oldcmp from Joe Richards, the author of ADFind will produce a reports of accounts that haven't been used in X number of days.  

Be aware that if you want the absolute accurate last login for a user in the last, say 2 days, you will  have to use the lastLogon attribute,which is NOT replicated.  You will have to query all DCs to be sure.

http://blogs.technet.com/b/heyscriptingguy/archive/2010/01/27/dandelions-vcr-clocks-and-last-logon-times-these-are-a-few-of-our-least-favorite-things.aspx

Code to get lastLogon info from all domain controllers and output the most recent time

http://blogs.msdn.com/b/alejacma/archive/2009/03/12/how-to-get-lastlogon-property-for-all-users-in-a-domain-vbscript.aspx
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 167 total points
ID: 36555562
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
0
 
LVL 1

Author Closing Comment

by:Simon336697
ID: 36946200
Thanks so much guys sorrry about the delay.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question