Solved

ad accurate last login

Posted on 2014-01-27
11
676 Views
Last Modified: 2014-01-29
does the output of net user username /domain give an accurate last login to the domain, or a last login when logging in via a specific domain controller? If its only per DC, how can you get an accurate last login?
0
Comment
Question by:pma111
11 Comments
 
LVL 13

Assisted Solution

by:SagiEDoc
SagiEDoc earned 100 total points
ID: 39811937
The information stored per DC. There are tools that will read the logs of all DC's and give you a nice overview. Personally I made a simple SQL database, I have a login script that then records the username, machine, tag number, IP address and MAC address. I use this database for a host of tracking issues.
0
 
LVL 4

Accepted Solution

by:
pcmghouse earned 350 total points
ID: 39811993
lastlogontimestamp is a replicated value which will be the sam on all DCs.
If you look at AD Users and Computers/Attributes you will find the value in date format.

If you need to see it through windows powershell on dc(import-module activedirectory):
$myuser=get-aduser myusername -properties lastlogontimestamp

It will generate a numeric value. You can convert the value to datetime:
[DateTime]::FromFileTime($myuser.'lastlogontimestamp')

I am assuming you will use this attribute for cleanup of accounts.

Otherwise you need to get lastlogon attribute from each dc. Then sort it out.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39812057
Here is a powershell script
======================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 3

Author Comment

by:pma111
ID: 39812071
so as a rule if you run

net user username /domain

on any DC it will return the accurate data?
0
 
LVL 3

Assisted Solution

by:SandyWalve
SandyWalve earned 50 total points
ID: 39812082
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39814150
lastlogon is reported by the dc the command is run on. That particular dc has the lastlogon of the user when that particular dc was used for authentication.
Another dc might have been used at a different time for the same user. Hence the lastlogon will have a different value on the another dc.

Hence the above script will go thru the dcs last logon. Then the latest will be selected.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817120
Slight mistake (Didn't put the -server paramater)
========================================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon -server $hostname
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
LVL 3

Author Comment

by:pma111
ID: 39817198
thanks for the script, is the stamp in ad users and computers also accurate? how can it be retreived from that system?
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817204
AD Users and Computers. View Advanced features.
Go to the user properties. then Attribute editor. lastlogon attribute.
(Do not use the search option).

You need to change domain controller to see the value on each dc.
0
 
LVL 3

Author Comment

by:pma111
ID: 39817205
thanks for your help...
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817224
Anytime. I hope I will get all the points.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Reverse DND setup 6 38
Antivirus in server 3 19
AD issue after VM restore 5 12
Trust DNS Resolution for Unqualified Names 3 11
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question