• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7763
  • Last Modified:

dsquery - last logon


The following gives me the last logon time of a user.  However, given the existence of products like “Real Last Logon”, my understanding is that the below query would need to be run on several domain controllers to get a accurate time.

dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=%username%))" -attr sAMAccountName distinguishedName lastLogon

Can the dsquery tool target a specific domain controller to ease this burden?
0
Marketing_Insists
Asked:
Marketing_Insists
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
Instead of lastLogon use lastLogonTimeStamp which is replicated between all DCs in a domain.
More about this attribut on a blog Ask DS at
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

Regards,
Krzysztof
0
 
Mike KlineCommented:
agree with Krzystof, what the tool you mentioned does hits every DC.  I haven't used it myself.

I'd use a tool like adfind http://www.joeware.net/freetools/tools/adfind/index.htm or the Quest powershsll cmdlets as they do a better job of decoding the dates


adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname lastlogontimestamp -tdc -nodn

Thanks

Mike
0
 
Marketing_InsistsAuthor Commented:
Thanks, this was it
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now