Solved

ad accurate last login

Posted on 2014-01-27
11
666 Views
Last Modified: 2014-01-29
does the output of net user username /domain give an accurate last login to the domain, or a last login when logging in via a specific domain controller? If its only per DC, how can you get an accurate last login?
0
Comment
Question by:pma111
11 Comments
 
LVL 13

Assisted Solution

by:SagiEDoc
SagiEDoc earned 100 total points
ID: 39811937
The information stored per DC. There are tools that will read the logs of all DC's and give you a nice overview. Personally I made a simple SQL database, I have a login script that then records the username, machine, tag number, IP address and MAC address. I use this database for a host of tracking issues.
0
 
LVL 4

Accepted Solution

by:
pcmghouse earned 350 total points
ID: 39811993
lastlogontimestamp is a replicated value which will be the sam on all DCs.
If you look at AD Users and Computers/Attributes you will find the value in date format.

If you need to see it through windows powershell on dc(import-module activedirectory):
$myuser=get-aduser myusername -properties lastlogontimestamp

It will generate a numeric value. You can convert the value to datetime:
[DateTime]::FromFileTime($myuser.'lastlogontimestamp')

I am assuming you will use this attribute for cleanup of accounts.

Otherwise you need to get lastlogon attribute from each dc. Then sort it out.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39812057
Here is a powershell script
======================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
LVL 3

Author Comment

by:pma111
ID: 39812071
so as a rule if you run

net user username /domain

on any DC it will return the accurate data?
0
 
LVL 3

Assisted Solution

by:SandyWalve
SandyWalve earned 50 total points
ID: 39812082
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Expert Comment

by:pcmghouse
ID: 39814150
lastlogon is reported by the dc the command is run on. That particular dc has the lastlogon of the user when that particular dc was used for authentication.
Another dc might have been used at a different time for the same user. Hence the lastlogon will have a different value on the another dc.

Hence the above script will go thru the dcs last logon. Then the latest will be selected.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817120
Slight mistake (Didn't put the -server paramater)
========================================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon -server $hostname
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
LVL 3

Author Comment

by:pma111
ID: 39817198
thanks for the script, is the stamp in ad users and computers also accurate? how can it be retreived from that system?
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817204
AD Users and Computers. View Advanced features.
Go to the user properties. then Attribute editor. lastlogon attribute.
(Do not use the search option).

You need to change domain controller to see the value on each dc.
0
 
LVL 3

Author Comment

by:pma111
ID: 39817205
thanks for your help...
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817224
Anytime. I hope I will get all the points.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Synchronize a new Active Directory domain with an existing Office 365 tenant
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now