Solved

Last logged on time

Posted on 2011-09-16
4
480 Views
Last Modified: 2012-06-27
Hi guys,
We would like to achieve the following 2 tasks.

1)the last date/time a user has logged on to our domain.
We have around 150 domain controllers in a 2003 AD domain.

2)find out what domain administrators have not logged on with their account in the last 6 months.

Any help on finding this out would be much appreciated.
0
Comment
Question by:Simon336697
4 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 167 total points
ID: 36553178
You can use the lastlogontimestamp variable and a tool called adfind by Joe Richards

I have an example here   http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24724528.html

Lastlogon timestamp is accurate between 9-14 days

A nice free GUI AD tool for reporting is adinfo  http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html

I'm off to bed but hopefully those help some.

Thanks

Mike
0
 
LVL 17

Assisted Solution

by:Tony Massa
Tony Massa earned 166 total points
ID: 36553956
Oldcmp from Joe Richards, the author of ADFind will produce a reports of accounts that haven't been used in X number of days.  

Be aware that if you want the absolute accurate last login for a user in the last, say 2 days, you will  have to use the lastLogon attribute,which is NOT replicated.  You will have to query all DCs to be sure.

http://blogs.technet.com/b/heyscriptingguy/archive/2010/01/27/dandelions-vcr-clocks-and-last-logon-times-these-are-a-few-of-our-least-favorite-things.aspx

Code to get lastLogon info from all domain controllers and output the most recent time

http://blogs.msdn.com/b/alejacma/archive/2009/03/12/how-to-get-lastlogon-property-for-all-users-in-a-domain-vbscript.aspx
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 167 total points
ID: 36555562
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
0
 
LVL 1

Author Closing Comment

by:Simon336697
ID: 36946200
Thanks so much guys sorrry about the delay.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Synchronize a new Active Directory domain with an existing Office 365 tenant
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question