last logon

please how can I know the last logon for a user in Active directory
thx
DRRAMAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Darius GhassemCommented:
Here is a script that gets you the last logon for the users.

http://gallery.technet.microsoft.com/scriptcenter/c69303e3-7978-4c5a-bf28-e55e9a71082c
0
KenMcFCommented:
How mnay DCs do you have?

You can query the lastlogon attribnute on each DC using programs like ADFind or powershell

adfind -default -f "(&(objectcategory=person)(objectclass=user)" samaccountname,lastlogon

or query the lastlogontimestamp which is replicated every 9-14 days

adfind -default -f "(&(objectcategory=person)(objectclass=user)" samaccountname,lastlogontimestamp
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

DRRAMAuthor Commented:
dariusg
it is in power shell
is that you have another in vbs
or other idea or command
0
DRRAMAuthor Commented:

KenMcF

does not work


ldap_get_next_page_s: [WIN-72DPOQ5V76I.ent.fr] Error 0x57 (87) - Erreur de filtr
e


0 Objects returned
0
Neil RussellTechnical Development LeadCommented:
Or a great toolset that can be purchased for not much money. Every sysadmin should have a copy!

http://www.dovestones.com/products/True_Last_Logon.asp
Thats one of the tools in the toolset

The full toolset is at http://www.dovestones.com/products/active-directory-tools.asp

$199US
0
KenMcFCommented:
forgot a )


adfind -default -f "(&(objectcategory=person)(objectclass=user))" samaccountname,lastlogon

there is also a swithc to decode the timestamp

-tdcs
0
DRRAMAuthor Commented:
KenMcF
""adfind -default -f "(&(objectcategory=person)(objectclass=user))" samaccountname,lastlogon"""

it not give me the date and duration of the last logon ..????
0
KenMcFCommented:
sorry do not use the comma

adfind -default -f "(&(objectcategory=person)(objectclass=user))" samaccountname lastlogon -tdcs
0
DRRAMAuthor Commented:
KenMcF:

very well
and if I well clarify that the users not connect from 180 days
0
KenMcFCommented:
You can use ADFind for that but I think another one of joes tools is easier to use for this, oldcomp

here is an ADFind example
http://blog.joeware.net/2008/11/28/1517/


Oldcmp.exe –report –users –age 180 –llts
0
DRRAMAuthor Commented:
OldCmp V01.05.00cpp Joe Richards (joe@joeware.net) December 2004

ERROR: No action options specified.
ERROR: Please specify one of the following:
ERROR:      /report
ERROR:      /disable
ERROR:      /delete


Type oldcmp /help or oldcmp /? for usage assistance.
0
KenMcFCommented:
try

Oldcmp.exe /report /users /age 180 -llts
0
DRRAMAuthor Commented:
age 180 ?????
0
KenMcFCommented:
From the help file

 -age x         Min Days Old for password age.  (Default 90 days)

 -llts          If K3 domain in Domain Functional mode uses
                lastLogonTimeStamp instead of pwdLastSet for age options.
0
SandeshdubeySenior Server EngineerCommented:
You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

True Last Logon displays the following Active Directory information:
--Users real name and logon name
--Detailed account status
--Last Logon Date & Time
--Last Logon Timestamp (Replicated value)
--Account Expiry Date & Time
--Enabled or Disabled Account
--Locked Accounts
--Password Expires
--Password Last Set Date & Time
--Logon Count
--Bad Password Count
--Expiry Date
--You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

Refer the below link for trial version:
http://www.dovestones.com/products/True_Last_Logon.asp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DRRAMAuthor Commented:
THX
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.