Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2003 AD Domain , last logon time

Posted on 2013-01-18
5
Medium Priority
?
834 Views
Last Modified: 2013-01-27
Hey dudes, trying to find out the last known logon time for a user on the domain using the net user command but keep getting syntax errors. Anyone able to provide the correct syntax please?
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 300 total points
ID: 38792454
I don't think net user will give accurate results. There are other scripts to do that though: http://community.spiceworks.com/scripts/show/369-last-login-by-user
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 38792492
I will not be able to install the app on the end of that link and I cannot decipher the script, it appears to do a lot more than what I require.

Thanks anyway, anyone else got any ideas please?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38792568
Well, this works for me:

net user anyuser /domain
The request will be processed at a domain controller for domain xxx.local.

User name                    anyuser
Full Name                    Beek, Ernie
Comment                      xxx
User's comment
Country code                 (null)
Account active               Yes
Account expires              Never

Password last set            8-10-2009 8:40:45
Password expires             Never
Password changeable          8-10-2009 8:40:45
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script                 logon.bat
User profile
Home directory               \\xxx.local\etcetera
Last logon                   18-1-2013 12:40:18

Logon hours allowed          All

Local Group Memberships      lots
Global Group memberships     evenmore
The command completed successfully.

Open in new window


Keep in mind though that the "lastLogon" attribute is not replicated, a different value is
stored on each Domain Controller (DC) for each user or computer.
0
 
LVL 3

Accepted Solution

by:
jeorge earned 1200 total points
ID: 38792683
Hello!
i think it depends on what type of ad you are doing this.
if this is a 2003 then it's a bit difficult!
for each user you'll have to check on every DC for the lastlogontimestamp (if i recall correctly) and get the most recent entry. Why ? because this attribute is not replicated betweed DCs.

Read this thread

http://www.winserverkb.com/Uwe/Forum.aspx/windows-server-ad/19958/OldCMP-last-logon-timestamp-and-domain-controllers

or a VB scripts for
http://www.rlmueller.net/Last%20Logon.htm

Else if you want you can go for a third party freeware tool such as

http://www.lepide.com/last-logon-reporter.html

Hope it works for you.
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 38824415
Thanks chaps.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question