September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.27. Determining a User’s Last Logon Time
Tip
This recipe requires the Windows Server 2003 forest functional level.
Problem
You want to determine the last time a user logged into a domain.
Solution
Using a graphical user interface
If you install the AcctInfo.dll extension to Active Directory Users and Computers, you can view the last logon timestamp.
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Beside Name, type the name of the user you want to modify and click Find Now.
In the Search Results, double-click on the user.
Click the Additional Account Info tab.
View the value for Last-Logon-Timestamp.
Note
AcctInfo.dll can be downloaded from the Microsoft download site:
Using VBScript
' This code prints the last logon timestamp for a user.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------
set objUser = GetObject("LDAP://" & strUserDN)
set objLogon = objUser.Get("lastLogonTimestamp")
intLogonTime = objLogon.HighPart * (2^32) + objLogon.LowPart
intLogonTime = intLogonTime / (60 * 10000000)
intLogonTime = intLogonTime / 1440
WScript.Echo "Approx last logon timestamp: " & intLogonTime + #1/1/1601#Discussion
Trying to determine when a user last logged on has always been a challenge in the Microsoft ...