[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 429
  • Last Modified:

Last User/Computer Domain Logon AD


I seem to remember doing similar for someone ages ago with 2003, but I cant remember how I did it.

It was some kind of AD addin that showed an extra tab in ADUC, which showed the last time a user logged on.

This time I am specifically after the time a computer last had domain contact, as I want to clean some lists up for old PC's etc.

Needs to be free and needs to support 2003 and 2008.
  • 2
1 Solution
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I assume you mean these instructions?
which should work in windows 2008 environments too.. but just in case you are using the 64 bit os... there is more information here:
It can be found from pwdLastSet attribute if there is anything older than 30 days in a native environment then it can be seen as inactive I do not know if u can bring up in the property sheet.

for users from the resource kit this file did the job acctinfo.dll

But I found this script interesting if it helps

Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I usually look at LastLogin as the most reliable, but that isn't replicated between domain controllers.  LastLogon-Timestamp IS replicated, but can be two weeks old on any specific domain controller.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now