Determine Last Date of Computer Logon in AD Domain

Discussion in 'Active Directory' started by kalql8n, Oct 9, 2009.

  1. kalql8n

    kalql8n Guest

    Hello-
    Using W2003 server and Win XP clients in AD domain, is there any way to
    determine when a computer, not a user, last logged into the domain? I have
    several inactive computer accounts in my AD that I would like to remove.

    TIA
    Scott Schaffer
    IT Manager
    Heschel Day School
    Northridge, CA
     
    kalql8n, Oct 9, 2009
    #1
    1. Advertisements

  2. kalql8n

    Marcin Guest

    check the value of lastLogon property of the computer object...

    hth
    Marcin
     
    Marcin, Oct 9, 2009
    #2
    1. Advertisements

  3. kalql8n

    Marcin Guest

    Note that lastLogon attribute is not replicated - so you would have to check
    its value on all DCs in the domain. Alternatively, you might consider using
    lastLogonTimestamp attribute (which is replicated) - but keep in mind that
    it's not updated at every logon (this depends on the value of
    msDS-LogonTimeSyncInterval attribute)...

    hth
    Marcin
     
    Marcin, Oct 9, 2009
    #3
  4. kalql8n

    kalql8n Guest

    Marcin - Where to I find that value?

    Thanks,
    Scott
     
    kalql8n, Oct 9, 2009
    #4
  5. The best tool for finding and dealing with old computer accounts is Joe
    Richards free oldcmp. See this link:

    http://www.joeware.net/freetools/tools/oldcmp/index.htm

    Otherwise, I have two example VBScript programs that find the last logon
    dates for all users in the domain linked here:

    http://www.rlmueller.net/Last Logon.htm

    The first program on the page uses the lastLogon attribute, which is not
    replicated, so the script queries every DC in the domain. The second program
    uses lastLogonTimeStamp so it uses one query. In both cases, the program can
    be easily modified to document last logon dates for all computers. In both
    cases change this statement:

    strFilter = "(&(objectCategory=person)(objectClass=user))"

    to this:

    strFilter = "(objectCategory=computer)"
     
    Richard Mueller [MVP], Oct 9, 2009
    #5
  6. lastLogon is not replicated, but lastLogonTimeStamp DOES replicate

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------

    __________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

    The message was checked by ESET Smart Security.

    http://www.eset.com
     
    Jorge de Almeida Pinto [MVP - DS], Oct 14, 2009
    #6
  7. check lastLogonTimestamp or lastPwdSet

    use OLDCMP
    http://www.joeware.net/freetools/tools/oldcmp/index.htm

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
    ------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always test ANY suggestion in a test environment before implementing!
    ------------------------------------------------------------------------------------------
    #################################################
    #################################################
    ------------------------------------------------------------------------------------------

    __________ Information from ESET Smart Security, version of virus signature database 4507 (20091014) __________

    The message was checked by ESET Smart Security.

    http://www.eset.com
     
    Jorge de Almeida Pinto [MVP - DS], Oct 14, 2009
    #7
  8. kalql8n

    NTex Guest

    Genius and so simple :) why didn't why on that my self going to try this in
    a few hours.

    BTW you don't mind if this works, that I modify this script a little so I
    can dump to SQL table instead ?

    Thanks
     
    NTex, Oct 21, 2009
    #8
  9. kalql8n

    brain007

    Joined:
    Apr 19, 2011
    Messages:
    13
    Likes Received:
    0
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.