How to tell when a user logged onto the domain?

How can I easily find what time a user logged into their computer Monday morning from the server? I am using 2008R2
LVL 1
JRome225Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
Turn on auditing of Account Logon events.
0
JRome225Author Commented:
I do have the auditing on but its over 200K entries under security. I tried filtering it using the domain\username but it wouldn't show anything.
0
David Johnson, CD, MVPOwnerCommented:
you have to check each DC's security audit logs. What I do is run a logon script that simply does
echo %username% logged onto %computername% date >> \\server\share\logons.txt
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

NVITCommented:
Active Directory Administrative Center
0
JRome225Author Commented:
NewVillage, where about in the Admin Center would I find the logon report?
0
NVITCommented:
When you pick the user, it shows at the bottom right (attached)
greenshot-2014-11-13-08-19-18.png
0
NVITCommented:
One way to report all users at once is with PowerShell...

Open a CMD prompt

powershell

import-module ActiveDirectory
Get-ADUser -Filter * -Properties "LastLogonDate" | sort-object -property lastlogondate -descending | Format-Table -property name, lastlogondate -AutoSize

Open in new window

0
JRome225Author Commented:
I need it from Monday, is that possible?
0
NVITCommented:
One out-of-the-box way is to set the GPO "Display information about previous logons during user logon".
But, I think by default this isn't set.

Computer Configuration| Policies | Administrative Templates | Windows Components | Windows Logon Options | Display information about previous logons during user logon = Enabled
0
NVITCommented:
Another way is LogParser http://www.microsoft.com/en-us/download/details.aspx?id=24659

This gets all logons, including machine and users:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.tsv FROM Security WHERE EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2"

Open in new window


Here's one to get a certain user:
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Account INTO Report.tsv FROM Security WHERE (EventID NOT IN (541;542;543) AND EventType = 8 AND EventCategory = 2 AND Account LIKE 'username')"

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Commented:
Depending on your security event log settings the logs may have already been removed
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.