Re: How to find "LastLogonTime" for users
Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance
Athif [MVP-Windows Server] wrote:
Hi Torgeir,
Thanks for the excellent reply. As you pointed, I am trying
(http://www.rlmueller.net/Last%20Logon.htm).vbs script of Richard
Mueller [MVP] and I actually have some queries. Please note that we are
still in mixed mode.
1. Can we run this .vbs script to check only for one specific domain
controller (I understand this information is not replicated, but
still). On WAN Links, it will be very tough, there should be a way!
Do the following changes:
1)
Remove the loop
For k = 0 To Ubound(arrstrDCs) / Next
(you can then also remove the code that builds the arrstrDCs array
if you want to)
2)
Change
strBase = "<LDAP://"; & arrstrDCs(k) & "/" & strDNSDomain & ">"
to
strBase = "<LDAP://"; & "your domain controller name here" & "/"
& strDNSDomain & ">"
But note that as you don't check all domain controllers, you cannot be
sure that the data returned is the actual last logon date for the users.
2. How to customize to check "LastLogonTime" only for specific user to
save time & WAN Link. Can we manipulate somewhere on strFilter =
"(&(objectCategory=person)(objectClass=user))" or somewhere else?
To search on a specific logon name, add the sAMAccountName to the
strFilter statement, like this (replace JohnG with the actual logon
name):
"(&(objectCategory=person)(objectClass=user)(sAMAccountName=JohnG))"
3. For some users the "LastLogonTime" is 1/1/1601. What does this mean?
It means that the user have never logged on.
Torgeir Bakken (MVP) wrote:
Hi,
You could e.g. take a look at this post from Richard Mueller:
http://groups.google.co.uk/group/microsoft.public.scripting.vbscript/msg/596286cbb2f31d2e
The scripts he refers to could easily be changed to only list those
that have not logged in for more than 100 days, or obtain the logon
time for one specific user only.
Alternatively, if the domain functional level is set to Windows Server
2003, you can check on the LDAP property lastLogonTimestamp, it is
replicated between the DCs.
Note that this value is only updated when the user logs in if a week
has passed since the last update (so it is usable only to see if an
account have been active on a weekly basis).
A "Scripting Guys" article about lastLogonTimestamp:
Dandelions, VCR Clocks, and Last Logon Times: These are a Few of Our
Least Favorite Things
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
From the docs for lastLogonTimestamp:
http://msdn.microsoft.com/library/en-us/adschema/ad/adam_a_lastlogontimestamp.asp
<quote>
Last-Logon-Timestamp
This is the time that the user last logged into the domain. This value
is only updated when the user logs in if a week has passed since the
last update. This value is replicated.
</quote>
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/dsadmin_concepts_accounts.asp
<quote>
When the domain functional level has been set to Windows Server 2003,
a new lastLogonTimestamp attribute is used to track the last logon
time of a user or computer account.
</quote>
The above is relevant for both user and computer accounts. Note the
once a week update only part and the Windows Server 2003 domain
functional level prerequisite.
Raise the domain functional level; Windows Server 2003
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_changedomlevel.asp
Raising the Roof on Domain Functional Levels
http://www.networking.earthweb.com/netos/article.php/3298531
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
.
Relevant Pages
- Re: Windows 2003 Last Login
... >> lastlogin time field only updates every 7 days. ... the domain functional level needs to have been set to Windows ... > When the domain functional level has been set to Windows Server 2003, ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
(microsoft.public.scripting.vbscript) - Re: How to find "LastLogonTime" for users
... Mueller [MVP] and I actually have some queries. ... if the domain functional level is set to Windows Server ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
(microsoft.public.windows.server.scripting) - Re: Disabling old account script needed
... When the domain functional level has been set to Windows Server 2003, a new lastLogonTimestamp attribute is used to track the last logon time of a user or computer account. ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
(microsoft.public.windows.server.active_directory) - Re: I want to add fields to user report
... When the domain functional level has been set to Windows Server 2003, ... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
(microsoft.public.scripting.vbscript) - Re: How to find "LastLogonTime" for users
... I am actually looking for a script which can tell me "LastLogonTime" for specific users in Active Directory. ... When the domain functional level has been set to Windows Server 2003, a new lastLogonTimestamp attribute is used to track the last logon time of a user or computer account. ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
(microsoft.public.windows.server.scripting) |
|
