Wednesday, November 19, 2008

When Did an Active Directory User Last Logon

First, let me say: I think Novell NetWare users login, I think Windows users logon.

With several DCs it used to be a bear to get the real last logon, as you would have to check the lastLogon timestamp on each DC. With Windows 2003 native mode this has changed.

Details:


lastLogon – old style, not replicated to other DCs
lastLogonTimestamp – updated at logon and replicated for each user if the user's stored lastLogonTimestamp is older than 14 days (this is the one to go by for the report)

http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx

http://addicted-to-it.blogspot.com/2008/09/ad-how-to-determine-last-logon-time-of.html

I included a hist01.txt which has the command line used to generate the report. The adfind tool is a command line utility, already on corpadmints1.
Also found at http://www.joeware.net/freetools/tools/adfind/.

adfind -b "base dn"
-f filter - all user objects except disabled accounts
-csv - CSV export
-tdc - time date change, changes LDAP time/date values into a readable format
then the attributes to return: DisplayName samaccountname lastLogon lastLogonTimestamp
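
The difference between the two attributes, as an added example that is not part of the original post or the hist01.txt command line: it converts raw int8 time values to dates, takes the newest lastLogon seen on any DC, and builds a stale-account list from lastLogonTimestamp alone. The sample rows, the column layout, the user names and the function names are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
SYNC_LAG_DAYS = 14  # lastLogonTimestamp update threshold stated in the post

# Constructed sample, one row per (DC, user), raw int8 values as stored in AD
# (100 ns ticks since 1601-01-01 UTC; 0 = never). Column layout is assumed.
SAMPLE = """dc,sAMAccountName,lastLogon,lastLogonTimestamp
dc1,alice,128707488000000000,128703168000000000
dc2,alice,128714400000000000,128703168000000000
dc1,bob,0,128614176000000000
dc2,bob,128620224000000000,128614176000000000
dc1,carol,0,0
dc2,carol,0,0
"""

def filetime_to_dt(raw):
    """Convert a raw int8 time value to an aware datetime; 0/empty -> None."""
    ticks = int(raw or 0)
    if ticks <= 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def last_logons(csv_text):
    """Per user, keep the newest value of each attribute seen on any DC."""
    users = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        best = users.setdefault(row["sAMAccountName"],
                                {"lastLogon": None, "lastLogonTimestamp": None})
        for attr in best:
            seen = filetime_to_dt(row[attr])
            if seen and (best[attr] is None or seen > best[attr]):
                best[attr] = seen
    return users

def stale(users, now, days):
    """Names with no logon in `days`, judged by lastLogonTimestamp alone."""
    if days <= SYNC_LAG_DAYS:
        raise ValueError("threshold is finer than the attribute's update lag")
    cutoff = now - timedelta(days=days)
    return sorted(name for name, u in users.items()
                  if u["lastLogonTimestamp"] is None
                  or u["lastLogonTimestamp"] < cutoff)

if __name__ == "__main__":
    report = last_logons(SAMPLE)
    for name, u in report.items():
        print(name, u["lastLogon"], u["lastLogonTimestamp"])
    print("stale:", stale(report, datetime(2008, 11, 19, tzinfo=timezone.utc), 90))
```

In the sample, alice's newest lastLogon is 13 days ahead of her lastLogonTimestamp, which is why a stale-account threshold has to sit well above the 14-day update interval.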

1 comment:

Tom Brown said...

Thanks, it is really good information related to getting the real last logon time of users. I found a good utility from http://www.lepide.com/active-directory-cleaner/ which helps me to find out the true last logon time in an Active Directory environment and get a comprehensive report which is based on real last log on and log off.