Solved

ad accurate last login

Posted on 2014-01-27
11
670 Views
Last Modified: 2014-01-29
does the output of net user username /domain give an accurate last login to the domain, or a last login when logging in via a specific domain controller? If its only per DC, how can you get an accurate last login?
0
Comment
Question by:pma111
11 Comments
 
LVL 13

Assisted Solution

by:SagiEDoc
SagiEDoc earned 100 total points
ID: 39811937
The information stored per DC. There are tools that will read the logs of all DC's and give you a nice overview. Personally I made a simple SQL database, I have a login script that then records the username, machine, tag number, IP address and MAC address. I use this database for a host of tracking issues.
0
 
LVL 4

Accepted Solution

by:
pcmghouse earned 350 total points
ID: 39811993
lastlogontimestamp is a replicated value which will be the sam on all DCs.
If you look at AD Users and Computers/Attributes you will find the value in date format.

If you need to see it through windows powershell on dc(import-module activedirectory):
$myuser=get-aduser myusername -properties lastlogontimestamp

It will generate a numeric value. You can convert the value to datetime:
[DateTime]::FromFileTime($myuser.'lastlogontimestamp')

I am assuming you will use this attribute for cleanup of accounts.

Otherwise you need to get lastlogon attribute from each dc. Then sort it out.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39812057
Here is a powershell script
======================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Author Comment

by:pma111
ID: 39812071
so as a rule if you run

net user username /domain

on any DC it will return the accurate data?
0
 
LVL 3

Assisted Solution

by:SandyWalve
SandyWalve earned 50 total points
ID: 39812082
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39814150
lastlogon is reported by the dc the command is run on. That particular dc has the lastlogon of the user when that particular dc was used for authentication.
Another dc might have been used at a different time for the same user. Hence the lastlogon will have a different value on the another dc.

Hence the above script will go thru the dcs last logon. Then the latest will be selected.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817120
Slight mistake (Didn't put the -server paramater)
========================================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon -server $hostname
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
LVL 3

Author Comment

by:pma111
ID: 39817198
thanks for the script, is the stamp in ad users and computers also accurate? how can it be retreived from that system?
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817204
AD Users and Computers. View Advanced features.
Go to the user properties. then Attribute editor. lastlogon attribute.
(Do not use the search option).

You need to change domain controller to see the value on each dc.
0
 
LVL 3

Author Comment

by:pma111
ID: 39817205
thanks for your help...
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817224
Anytime. I hope I will get all the points.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question