?
Solved

Determining When a User Last Logged On

Posted on 2013-06-05
6
Medium Priority
?
354 Views
Last Modified: 2013-11-14
Is there a way in Server 2008 R2 AD to determing when a user last loged on?  I have probably over a hundred accounts that are from people that are no longer employed and i need to clean up my OU's.
0
Comment
Question by:CADRE308
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39223493
0
 

Author Comment

by:CADRE308
ID: 39223535
I saw that during a Google Search but was hoping for something that would allow me to add it to the account details. I found such .dll that could be added to Server 2003 but no luck for 2008 R2. I was hoping to avoid having to run a script for every suspecious account.
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39223676
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 39223683
best practice is when a user is no longer employed to disable their AD account.

Here is a script that you can run periodically.. it will search the entire OU and disable and report accounts that haven't been active for 90 days, mark in the description when the account was disabled, and remove accounts that have been disabled for more than 14 days based upon the date disabled in the description

#import the ActiveDirectory Module
Import-Module ActiveDirectory
#Create a variable for the date stamp in the log file
$LogDate = get-date -f yyyyMMddhhmm
#Sets the OU to do the base search for all user accounts, change for your env.
$SearchBase = "OU=User_Accounts,DC=DEVLAB,DC=LOCAL"
#Create an empty array for the log file
$LogArray = @()
#Sets the number of days to delete user accounts based on value in description field
$Disabledage = (get-date).adddays(-14)
#Sets the number of days to disable user accounts based on lastlogontimestamp and pwdlastset.
$PasswordAge = (Get-Date).adddays(-90)
#RegEx pattern to verify date format in user description field.
$RegEx = '^(0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])[- /.](20)\d\d$'
#Use ForEach to loop through all users with description date older than date set. Deletes the accounts and adds to log array.
ForEach ($DeletedUser in (Get-Aduser -searchbase $SearchBase -Filter {enabled -eq $False} -properties description ) ){
  #Verifies description field is in the correct date format by matching the regular expression from above to prevent errors with other disbaled users.
  If ($DeletedUser.Description -match $Regex){
    #Compares date in the description field to the DisabledAge set.
    If((get-date $DeletedUser.Description) -le $Disabledage){
      #Deletes the user object. This will prompt for each user. To suppress the prompt add "-confirm:$False". To log only add "-whatif".
      Remove-ADObject $DeletedUser
        #Create new object for logging
        $obj = New-Object PSObject
        $obj | Add-Member -MemberType NoteProperty -Name "Name" -Value $DeletedUser.name
        $obj | Add-Member -MemberType NoteProperty -Name "samAccountName" -Value $DeletedUser.samaccountname
        $obj | Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value $DeletedUser.DistinguishedName
        $obj | Add-Member -MemberType NoteProperty -Name "Status" -Value 'Deleted'
        #Adds object to the log array
        $LogArray += $obj
    }
  }
}

#Use ForEach to loop through all users with pwdlastset and lastlogontimestamp greater than date set. Also added users with no lastlogon date set. Disables the accounts and adds to log array.
ForEach ($DisabledUser in (Get-ADUser -searchbase $SearchBase -filter {((lastlogondate -notlike "*") -OR (lastlogondate -le $Passwordage)) -AND (passwordlastset -le $Passwordage) -AND (enabled -eq $True)} )) {
  #Sets the user objects description attribute to a date stamp. Example "11/13/2011"
  set-aduser $DisabledUser -Description ((get-date).toshortdatestring())
  #Disabled user object. To log only add "-whatif"
  Disable-ADAccount $DisabledUser
    #Create new object for logging
    $obj = New-Object PSObject
    $obj | Add-Member -MemberType NoteProperty -Name "Name" -Value $DisabledUser.name
    $obj | Add-Member -MemberType NoteProperty -Name "samAccountName" -Value $DisabledUser.samaccountname
    $obj | Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value $DisabledUser.DistinguishedName
    $obj | Add-Member -MemberType NoteProperty -Name "Status" -Value 'Disabled'
    #Adds object to the log array
    $LogArray += $obj
}
#Exports log array to CSV file in the temp directory with a date and time stamp in the file name.
$logArray | Export-Csv "C:\Temp\User_Report_$logDate.csv" -NoTypeInformation

Open in new window

http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/30/use-powershell-to-find-and-remove-inactive-active-directory-users.aspx
0
 
LVL 3

Expert Comment

by:violageek
ID: 39227819
I know you asked for something that you can add to the attributes but here is another PS script that exports the login times to a csv file that you can use for clean up if necessary.

http://www.clintmcguire.com/get-alluserlastlogon/

Hope this helps!
0
 
LVL 2

Expert Comment

by:oliverbob
ID: 39237962
I don't know how to tell which user on which computer but I can tell you how to know when the computer last touched your network. In ADUnC, make sure Advanced is selected from under view menu. On the AD computer object you can goto attribute editor tab (in modern versions of AD tools) and look for lastLogonTimeStamp which will tell you when the computer last booted or logged into the network (every computer on the Domain actually logs in with their own secret password). It's accurate to within 5 days.

Also some info that may help for the future Get a list of who logged in to each server

new Server 2008 R2 features for account auditing and logon events http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx

free MS tracking tool for next time "limitlogin" http://technet.microsoft.com/en-us/magazine/2005.05.utilityspotlight.aspx

Moreover I found some applications also for the same. I hope they can also be useful for you. If you suggest.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question