Solved

dsquery - last logon

Posted on 2011-09-30
3
6,155 Views
Last Modified: 2012-05-12

The following gives me the last logon time of a user.  However, given the existence of products like “Real Last Logon”, my understanding is that the below query would need to be run on several domain controllers to get a accurate time.

dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=%username%))" -attr sAMAccountName distinguishedName lastLogon

Can the dsquery tool target a specific domain controller to ease this burden?
0
Comment
Question by:Marketing_Insists
3 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
Comment Utility
Instead of lastLogon use lastLogonTimeStamp which is replicated between all DCs in a domain.
More about this attribut on a blog Ask DS at
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

Regards,
Krzysztof
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
agree with Krzystof, what the tool you mentioned does hits every DC.  I haven't used it myself.

I'd use a tool like adfind http://www.joeware.net/freetools/tools/adfind/index.htm or the Quest powershsll cmdlets as they do a better job of decoding the dates


adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname lastlogontimestamp -tdc -nodn

Thanks

Mike
0
 

Author Closing Comment

by:Marketing_Insists
Comment Utility
Thanks, this was it
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now