Re: "Last logon time" & "Last time the account was authenticated by AD




On Aug 30, 4:23 pm, "Richard Mueller [MVP]" <rlmueller-nos...@xxxxxxxxxxxxxxxxxxxx> wrote:
sekhar wrote:
Environment: Windows 200

Are "Last logon time" and "Last time the account was authenticated by AD"
the same? We have the requirement to identify the last time that account
was used or accessed.

Currently I am generating a report that will query all the DCs and will
get the updated Last logon time. But this is not always correct?

"Last logon time" & "Last time the account was authenticated by AD" the
same?

Yes, the last time an account authenticated in AD will be the date/time that
corresponds to the value of the lastLogon attribute. Just remember that the
lastLogon attribute is not replicated. For any user or computer object a
different value is saved on every Domain Controller. You must query all DC's
in the domain to get the largest (latest) value.

For most purposes, the lastLogonTimeStamp attribute will suffice. This
attribute is only updated during logon if the old value is at least 14 (by
default) days in the past, but the value is replicated. You only need to
query one DC (any DC). The value is accurate if it corresponds to a date
more than 14 days in the past.

Both attributes are Integer8, so they are 64-bit numbers representing dates
in UTC as the number of 100-nanosecond intervals since 12:00 AM January 1,
1601. The 64-bit value must be converted to a date/time in the current time
zone.

I believe you can use Joe Richards' oldcmp utility for this:

http://www.joeware.net/win/free/tools/oldcmp.htm

And I have a VBScript program to retrieve lastLogon for all users in the
domain linked here:

http://www.rlmueller.net/Last%20Logon.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

The login time/date is only replicated in Windows 2003; in Windows
2000 you need to query every DC and merge the results.

You might consider http://www.tools4ever.com/products/utilities/reallastlogon/,
a free trial with full functionality, so you will get your report.
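
The conversion and merge described in the thread, as an added example that is not part of the original posts or any poster's code: it turns Integer8 values into dates, keeps the latest lastLogon across DCs, and applies the 14-day rule for lastLogonTimestamp. The function names, DC host names and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Integer8: 100-nanosecond intervals since 1601-01-01 00:00 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UPDATE_INTERVAL = timedelta(days=14)  # default interval quoted in the thread


def integer8_to_utc(value):
    """Return an aware UTC datetime, or None when the attribute is 0 or unset."""
    if not value:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def utc_to_integer8(dt):
    """Inverse conversion; used here only to build the constructed sample data."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def latest_last_logon(per_dc):
    """lastLogon is not replicated, so keep the largest value reported by any DC."""
    return integer8_to_utc(max((v or 0 for v in per_dc.values()), default=0))


def timestamp_is_accurate(last_logon_timestamp, now):
    """lastLogonTimestamp can be trusted once it is more than 14 days in the past."""
    when = integer8_to_utc(last_logon_timestamp)
    return when is not None and now - when > UPDATE_INTERVAL


# Constructed sample: hypothetical DC names and per-DC lastLogon values for one user.
SAMPLE_LAST_LOGON = {
    "dc1.example.test": utc_to_integer8(datetime(2007, 8, 1, 9, 30, tzinfo=timezone.utc)),
    "dc2.example.test": utc_to_integer8(datetime(2007, 8, 29, 14, 5, tzinfo=timezone.utc)),
    "dc3.example.test": 0,  # the user never authenticated against this DC
}
# Constructed replicated lastLogonTimestamp for the same user, and a constructed "now".
SAMPLE_TIMESTAMP = utc_to_integer8(datetime(2007, 8, 25, 8, 0, tzinfo=timezone.utc))
SAMPLE_NOW = datetime(2007, 8, 30, 16, 23, tzinfo=timezone.utc)

if __name__ == "__main__":
    latest = latest_last_logon(SAMPLE_LAST_LOGON)
    print("latest lastLogon (UTC):  ", latest)
    # astimezone() with no argument converts to the machine's current time zone.
    print("latest lastLogon (local):", latest.astimezone())
    print("lastLogonTimestamp accurate:", timestamp_is_accurate(SAMPLE_TIMESTAMP, SAMPLE_NOW))
```

A lastLogonTimestamp that fails the 14-day check is the case where the per-DC lastLogon merge is still needed.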
