• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

How to tell when a user logged onto the domain?

How can I easily find what time a user logged into their computer Monday morning from the server? I am using 2008R2
0
JRome225
Asked:
JRome225
5 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
Turn on auditing of Account Logon events.
0
 
JRome225Author Commented:
I do have the auditing on but its over 200K entries under security. I tried filtering it using the domain\username but it wouldn't show anything.
0
 
David Johnson, CD, MVPOwnerCommented:
you have to check each DC's security audit logs. What I do is run a logon script that simply does
echo %username% logged onto %computername% date >> \\server\share\logons.txt
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
NVITCommented:
Active Directory Administrative Center
0
 
JRome225Author Commented:
NewVillage, where about in the Admin Center would I find the logon report?
0
 
NVITCommented:
When you pick the user, it shows at the bottom right (attached)
greenshot-2014-11-13-08-19-18.png
0
 
NVITCommented:
One way to report all users at once is with PowerShell...

Open a CMD prompt

powershell

import-module ActiveDirectory
Get-ADUser -Filter * -Properties "LastLogonDate" | sort-object -property lastlogondate -descending | Format-Table -property name, lastlogondate -AutoSize

Open in new window

0
 
JRome225Author Commented:
I need it from Monday, is that possible?
0
 
NVITCommented:
One out-of-the-box way is to set the GPO "Display information about previous logons during user logon".
But, I think by default this isn't set.

Computer Configuration| Policies | Administrative Templates | Windows Components | Windows Logon Options | Display information about previous logons during user logon = Enabled
0
 
NVITCommented:
Another way is LogParser http://www.microsoft.com/en-us/download/details.aspx?id=24659

This gets all logons, including machine and users:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.tsv FROM Security WHERE EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2"

Open in new window


Here's one to get a certain user:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.tsv FROM Security WHERE (EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2 AND Account LIKE 'username')"

Open in new window

0
 
compdigit44Commented:
Depending on your security event log settings the logs may have already been removed
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now