Solved

Last logon date/time of disabled Windows & Linux accounts

Posted on 2014-07-22
5
425 Views
Last Modified: 2014-08-05
For our User accounts audit, audit requested for last logon / used
date and time of disabled accounts (for both local & domain accounts).

We have mainly Windows 2008 R2 & Linux (RHEL 5.x/6.x and Suse).

Without enabling back the accounts, I can't get the last logon date/time
of disabled accounts  using Windows wmic and Linux "last" & "lastlog"
commands.

Q1:
Is there any other way to get this last logon information?

Q2:
For accounts that are used by services/apps like Oracle
& VMWare SA converter as well as Linux accounts that
we 'sudo' only, I also can't get last logon/used info?
Any way to get it?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
Emmanuel Adebayo earned 250 total points
ID: 40213556
For Windows, you can use the powershell  Get-ADuser as in the assist I provided earlier from the link below.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28468668.html

I'm not Linux based, I know as expert will respond shortly.

Regards
0
 

Author Comment

by:sunhux
ID: 40213935
That's for AD/domain account.  What about Windows local accounts.

To the Linux experts, do reply on Linux accounts, thanks
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40214827
why can't you use last or lastlog?
any errors?

doing sudo /usr/bin/last or sudo /usr/bin/lastlog yields what?
0
 

Author Comment

by:sunhux
ID: 40216025
It just says "*** Logon information not available ***"
(even when issued using sudo or root)
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 250 total points
ID: 40216169
maybe someone overwrote the file?
what you are doing is correct; message means there is nothing there in the log to show
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question