need to track last 7 days of user whether he logged in to our domain OR when he logged in and what times and date.

do i need to check AD server logs in event viewer or can i run any windows powershell command shell
Who is Participating?
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
And you have to check EACH DC.  The logs only record when that specific DC has authenticated the user.  If you have 12 DCs over 9 sites, you have to check EACH because even though the site SHOULD authenticate them, unless you've done something to explicitly alter the behavior, ANY DC in ANY site could have authenticated him.
yo_beeConnect With a Mentor Director of Information TechnologyCommented:
You do need to look at the event logs on your DC.

You are looking for event Id 4624 with a logon type 2.

This can be a bit overwhelming.
Better use tool like ad reporter (free tool from or bulk ad user from wisesoft and export all users lastlogon timestamp to excel / CSV and then search by user for required users
Naveen SharmaCommented:
How to Detect Last Logon Date and Time for all Active Directory Users:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.