Wednesday, November 19, 2008

when did a Active Directory User Last Logon

first let me say I think Novel Netware user login, I think Windows users Logon.

With several DCs it used to be a bear to get the real last logon, as you would have to check the lastlogon timestamp on each DC, with Windows 2003 Native mode this has been changed.


lastLogon – old style not replicated to other DCs
lastLogonTimestamp – replicated for each user if the user’s lastlogonTimestamp is older then 14 days ( This is the one to go by for the report. )

I included a hist01.txt which has the command line used to generate the report. The adfind tool is a command line utility, already on corpadmints1.
Also found at

adfind -b "base dn"
-f filter - all user objects except disabled accounts
-csv csv export
-tdc time date change - changed ldap time date into readable format
then attributes DisplayName samaccountname lastLogon lastLogonTimestamp

1 comment:

Tom Brown said...

Thank, It is really good information related to get the real last logon time of users. I found good utility from which helps me to find out true last logon time in active directory environment and get the comprehensive report which are based on real last logo on and log off.