first let me say I think Novel Netware user login, I think Windows users Logon.
With several DCs it used to be a bear to get the real last logon, as you would have to check the lastlogon timestamp on each DC, with Windows 2003 Native mode this has been changed.
Details:
lastLogon – old style not replicated to other DCs
lastLogonTimestamp – replicated for each user if the user’s lastlogonTimestamp is older then 14 days ( This is the one to go by for the report. )
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
http://addicted-to-it.blogspot.com/2008/09/ad-how-to-determine-last-logon-time-of.html
I included a hist01.txt which has the command line used to generate the report. The adfind tool is a command line utility, already on corpadmints1.
Also found at http://www.joeware.net/freetools/tools/adfind/.
adfind -b "base dn"
-f filter - all user objects except disabled accounts
-csv csv export
-tdc time date change - changed ldap time date into readable format
then attributes DisplayName samaccountname lastLogon lastLogonTimestamp
Wednesday, November 19, 2008
Subscribe to:
Post Comments (Atom)
1 comment:
Post a Comment