' This code prints the last logon timestamp for a user.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>"  ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

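set objUser = GetObject("LDAP://" & strUserDN)
' lastLogonTimestamp comes back as an IADsLargeInteger: a 64-bit count of
' 100-nanosecond intervals since 1/1/1601 (UTC), split into two 32-bit halves
set objLogon = objUser.Get("lastLogonTimestamp")
lngHigh = objLogon.HighPart
lngLow = objLogon.LowPart
' LowPart is exposed as a signed 32-bit value; compensate when it is negative
If lngLow < 0 Then lngHigh = lngHigh + 1
intLogonTime = lngHigh * (2^32) + lngLow
' Convert 100-nanosecond intervals to minutes, then minutes to days
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
' Add the day count to the 1601 epoch; the result is in UTC, not local time
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#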


Discussion
Trying to determine when a user last logged on has always been a
challenge in the Microsoft NOS environment. In Windows NT, you could
retrieve a user's last logon timestamp from a PDC or BDC, but this
timestamp was the last time the user logged on to the PDC or BDC. That
means in order to determine the actual last logon, you'd have to query
every domain controller in the domain. In large environments, this
wasn't practical. With Windows 2000 Active Directory, things did not
improve much. A lastLogon attribute is used to store the last logon
timestamp, but unfortunately, this attribute isn't replicated. So again,
to get an accurate picture, you'd have to query every domain controller
in the domain for the user's last logon attribute and keep track of the
most recent one.

Now with Windows Server 2003, we finally have a viable solution. A new
attribute was added to the schema for user objects called
lastLogonTimestamp. This attribute is similar to the lastLogon attribute
that was available previously, with two distinct differences. First, and
most importantly, this attribute is replicated. That means when a user
logs in, the lastLogonTimestamp attribute will get populated and then
replicate to all domain controllers in the domain.

The second difference is that since lastLogonTimestamp is replicated,
special safeguards needed to be put in place so that users that logged
in repeatedly over a short period of time did not cause unnecessary
replication traffic. For this reason, the lastLogonTimestamp is updated
only if the last update occurred a week or more ago. This means that the
lastLogonTimestamp attribute could be up to a week off in terms of
accuracy with a user's actual last logon. Ultimately, this shouldn't be
a problem for most situations because lastLogonTimestamp is intended to
address the common problem where administrators want to run a query and
determine which users have not logged in over the past month or more.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Friday, October 28, 2005 5:56 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] LastLogon timestamp


What's the easiest way to find out the last logon time of a user
account?  And if you have 50 domain controllers, would you have to query
each one for it, or is this replicated somehow?  We're in a native
win2k domain with mostly win2k3 DCs.

Thanks

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
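
Added example, not part of the original messages or of the text quoted in them: a Python sketch of how the one-week update interval described above affects an "inactive for N days" report. It sorts accounts into active, stale, or uncertain from the replicated lastLogonTimestamp, and settles the uncertain ones with the newest non-replicated lastLogon across all domain controllers. The function names, DC names, and timestamp values are constructed for illustration; the 7-day window is the figure given in the discussion.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UPDATE_WINDOW = timedelta(days=7)   # update interval as stated in the discussion
NOW = datetime(2005, 11, 1, tzinfo=timezone.utc)   # constructed "current" time


def filetime_to_datetime(ft):
    """Convert 100-ns intervals since 1601-01-01 UTC to an aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def ago(days):
    """Constructed sample value: the FILETIME for `days` days before NOW."""
    return (NOW - timedelta(days=days) - EPOCH_1601) // timedelta(microseconds=1) * 10


def classify(last_logon_timestamp, now, idle_days):
    """Classify an account using only the replicated lastLogonTimestamp."""
    if not last_logon_timestamp:
        return "no-timestamp"       # attribute unset or zero
    age = now - filetime_to_datetime(last_logon_timestamp)
    idle = timedelta(days=idle_days)
    if age < idle:
        return "active"             # the replicated value is already recent enough
    if age >= idle + UPDATE_WINDOW:
        return "stale"              # a week of slack cannot make it recent
    return "uncertain"              # the real logon may be up to a week newer


def resolve(per_dc_last_logon, now, idle_days):
    """Settle an uncertain account from the per-DC, non-replicated lastLogon."""
    newest = max(per_dc_last_logon.values(), default=0)
    if not newest:
        return "stale"              # no DC has recorded a logon
    age = now - filetime_to_datetime(newest)
    return "active" if age < timedelta(days=idle_days) else "stale"


if __name__ == "__main__":
    # Constructed accounts: replicated stamp written 10, 33 and 40 days ago.
    for name, days in (("alice", 10), ("bob", 33), ("carol", 40)):
        print(name, classify(ago(days), NOW, 30))
    # bob is uncertain, so compare the lastLogon value held by each DC.
    print("bob ->", resolve({"dc01": ago(33), "dc02": ago(29), "dc03": 0}, NOW, 30))
```

Only accounts in the uncertain band need the expensive query against every domain controller; the other two outcomes follow from the replicated attribute alone.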