Solved

Last logon date/time of disabled Windows & Linux accounts

Posted on 2014-07-22
5
418 Views
Last Modified: 2014-08-05
For our User accounts audit, audit requested for last logon / used
date and time of disabled accounts (for both local & domain accounts).

We have mainly Windows 2008 R2 & Linux (RHEL 5.x/6.x and Suse).

Without enabling back the accounts, I can't get the last logon date/time
of disabled accounts  using Windows wmic and Linux "last" & "lastlog"
commands.

Q1:
Is there any other way to get this last logon information?

Q2:
For accounts that are used by services/apps like Oracle
& VMWare SA converter as well as Linux accounts that
we 'sudo' only, I also can't get last logon/used info?
Any way to get it?
0
Comment
Question by:sunhux
  • 2
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
Emmanuel Adebayo earned 250 total points
ID: 40213556
For Windows, you can use the powershell  Get-ADuser as in the assist I provided earlier from the link below.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28468668.html

I'm not Linux based, I know as expert will respond shortly.

Regards
0
 

Author Comment

by:sunhux
ID: 40213935
That's for AD/domain account.  What about Windows local accounts.

To the Linux experts, do reply on Linux accounts, thanks
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40214827
why can't you use last or lastlog?
any errors?

doing sudo /usr/bin/last or sudo /usr/bin/lastlog yields what?
0
 

Author Comment

by:sunhux
ID: 40216025
It just says "*** Logon information not available ***"
(even when issued using sudo or root)
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40216169
maybe someone overwrote the file?
what you are doing is correct; message means there is nothing there in the log to show
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Defender Accessing Excluded Drives 5 67
Free OST to PST converter 8 56
Windows Password recovery 7 32
Cleaning up a desktop after leaving a domain 3 22
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now