Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 905
  • Last Modified:

ad accurate last login

does the output of net user username /domain give an accurate last login to the domain, or a last login when logging in via a specific domain controller? If its only per DC, how can you get an accurate last login?
0
pma111
Asked:
pma111
3 Solutions
 
Brett DanneyIT ArchitectCommented:
The information stored per DC. There are tools that will read the logs of all DC's and give you a nice overview. Personally I made a simple SQL database, I have a login script that then records the username, machine, tag number, IP address and MAC address. I use this database for a host of tracking issues.
0
 
pcmghouseCommented:
lastlogontimestamp is a replicated value which will be the sam on all DCs.
If you look at AD Users and Computers/Attributes you will find the value in date format.

If you need to see it through windows powershell on dc(import-module activedirectory):
$myuser=get-aduser myusername -properties lastlogontimestamp

It will generate a numeric value. You can convert the value to datetime:
[DateTime]::FromFileTime($myuser.'lastlogontimestamp')

I am assuming you will use this attribute for cleanup of accounts.

Otherwise you need to get lastlogon attribute from each dc. Then sort it out.
0
 
pcmghouseCommented:
Here is a powershell script
======================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
pma111Author Commented:
so as a rule if you run

net user username /domain

on any DC it will return the accurate data?
0
 
pcmghouseCommented:
lastlogon is reported by the dc the command is run on. That particular dc has the lastlogon of the user when that particular dc was used for authentication.
Another dc might have been used at a different time for the same user. Hence the lastlogon will have a different value on the another dc.

Hence the above script will go thru the dcs last logon. Then the latest will be selected.
0
 
pcmghouseCommented:
Slight mistake (Didn't put the -server paramater)
========================================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon -server $hostname
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
pma111Author Commented:
thanks for the script, is the stamp in ad users and computers also accurate? how can it be retreived from that system?
0
 
pcmghouseCommented:
AD Users and Computers. View Advanced features.
Go to the user properties. then Attribute editor. lastlogon attribute.
(Do not use the search option).

You need to change domain controller to see the value on each dc.
0
 
pma111Author Commented:
thanks for your help...
0
 
pcmghouseCommented:
Anytime. I hope I will get all the points.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now