?
Solved

ad accurate last login

Posted on 2014-01-27
11
Medium Priority
?
721 Views
Last Modified: 2014-01-29
does the output of net user username /domain give an accurate last login to the domain, or a last login when logging in via a specific domain controller? If its only per DC, how can you get an accurate last login?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 13

Assisted Solution

by:SagiEDoc
SagiEDoc earned 400 total points
ID: 39811937
The information stored per DC. There are tools that will read the logs of all DC's and give you a nice overview. Personally I made a simple SQL database, I have a login script that then records the username, machine, tag number, IP address and MAC address. I use this database for a host of tracking issues.
0
 
LVL 4

Accepted Solution

by:
pcmghouse earned 1400 total points
ID: 39811993
lastlogontimestamp is a replicated value which will be the sam on all DCs.
If you look at AD Users and Computers/Attributes you will find the value in date format.

If you need to see it through windows powershell on dc(import-module activedirectory):
$myuser=get-aduser myusername -properties lastlogontimestamp

It will generate a numeric value. You can convert the value to datetime:
[DateTime]::FromFileTime($myuser.'lastlogontimestamp')

I am assuming you will use this attribute for cleanup of accounts.

Otherwise you need to get lastlogon attribute from each dc. Then sort it out.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39812057
Here is a powershell script
======================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 3

Author Comment

by:pma111
ID: 39812071
so as a rule if you run

net user username /domain

on any DC it will return the accurate data?
0
 
LVL 3

Assisted Solution

by:SandyWalve
SandyWalve earned 200 total points
ID: 39812082
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39814150
lastlogon is reported by the dc the command is run on. That particular dc has the lastlogon of the user when that particular dc was used for authentication.
Another dc might have been used at a different time for the same user. Hence the lastlogon will have a different value on the another dc.

Hence the above script will go thru the dcs last logon. Then the latest will be selected.
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817120
Slight mistake (Didn't put the -server paramater)
========================================

import-module activedirectory
function Get-ADUserLastLogon([string]$userName)
{
  $domaincontrollers = Get-ADDomainController -Filter {Name -like "*"}
  $time = 0
  foreach($domaincontroller in $domaincontrollers)
  {
    $hostname = $domaincontroller.HostName
    $user = Get-ADUser $userName -Properties lastLogon -server $hostname
    if($user.LastLogon -gt $time)
    {
      $time = $user.LastLogon
    }
  }
  $userlogindate = [DateTime]::FromFileTime($time)
  Write-Host $username "last logged on at:" $userlogindate }

Get-ADUserLastLogon -UserName pa1111
0
 
LVL 3

Author Comment

by:pma111
ID: 39817198
thanks for the script, is the stamp in ad users and computers also accurate? how can it be retreived from that system?
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817204
AD Users and Computers. View Advanced features.
Go to the user properties. then Attribute editor. lastlogon attribute.
(Do not use the search option).

You need to change domain controller to see the value on each dc.
0
 
LVL 3

Author Comment

by:pma111
ID: 39817205
thanks for your help...
0
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39817224
Anytime. I hope I will get all the points.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question