Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Last logged on time

Posted on 2011-09-16
4
Medium Priority
?
488 Views
Last Modified: 2012-06-27
Hi guys,
We would like to achieve the following 2 tasks.

1)the last date/time a user has logged on to our domain.
We have around 150 domain controllers in a 2003 AD domain.

2)find out what domain administrators have not logged on with their account in the last 6 months.

Any help on finding this out would be much appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 668 total points
ID: 36553178
You can use the lastlogontimestamp variable and a tool called adfind by Joe Richards

I have an example here   http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24724528.html

Lastlogon timestamp is accurate between 9-14 days

A nice free GUI AD tool for reporting is adinfo  http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html

I'm off to bed but hopefully those help some.

Thanks

Mike
0
 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 664 total points
ID: 36553956
Oldcmp from Joe Richards, the author of ADFind will produce a reports of accounts that haven't been used in X number of days.  

Be aware that if you want the absolute accurate last login for a user in the last, say 2 days, you will  have to use the lastLogon attribute,which is NOT replicated.  You will have to query all DCs to be sure.

http://blogs.technet.com/b/heyscriptingguy/archive/2010/01/27/dandelions-vcr-clocks-and-last-logon-times-these-are-a-few-of-our-least-favorite-things.aspx

Code to get lastLogon info from all domain controllers and output the most recent time

http://blogs.msdn.com/b/alejacma/archive/2009/03/12/how-to-get-lastlogon-property-for-all-users-in-a-domain-vbscript.aspx
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 668 total points
ID: 36555562
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
0
 
LVL 1

Author Closing Comment

by:Simon336697
ID: 36946200
Thanks so much guys sorrry about the delay.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question