Quantcast
Viewing all articles
Browse latest Browse all 91

How to Find Active Directory User’s/Computer’s Last Logon Time?

Image may be NSFW.
Clik here to view.
Get User Last Logon Time

The Active Directory administrator must periodically disable and inactivate objects in AD. In this article, we will show how to get the last logon time for the AD domain user and find accounts that have been inactive for more than 90 days.

How to Get Last Logged on User Using ADUC?

You can find out the last logon time for the domain user with the ADUC graphical console (Active Directory Users and Computers).

  1. Run the console dsa.msc;
  2. In the top menu, enable the option View > Advanced Features;
    Image may be NSFW.
    Clik here to view.
    active directory user last logon time
  3. In the AD tree, select the user and open its properties;
  4. Click on the tab Attribute Editor;
  5. In the list of attributes, find lastLogon. This attribute contains the time the user was last logged in the domain.

Image may be NSFW.
Clik here to view.
last logon time active directory powershell

Find Last Logon Time Using CMD

You can find out the time the user last logged into the domain from the command line using the net or dsquery tools.

Open a command prompt (you don’t need domain administrator privileges to get AD user info) and run the command:

net user administrator /domain| findstr "Last"

You got the user last login time: 08.08.2019 11:14:13.

Image may be NSFW.
Clik here to view.
powershell command to find last logon time for all users

You can also get the last login time using dsquery. For example:

dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=administrator))" -attr distinguishedName lastLogon lastLogonTimestamp -limit 0

The main problem is that the attributes lastLogon and lastLogonTimestamp in AD are stored in timestamp format and you need to additionally convert it to a normal time format.

Image may be NSFW.
Clik here to view.
last logon time powershell

You can also use this command to find all users who are inactive, for example, for 10 weeks:

dsquery user domainroot -inactive 10

Find Last Logon Time Using PowerShell

You can also use PowerShell to get the user last domain logon time. For this, you need to use

Active Directory module for Windows PowerShell. Install this module and import it into your PowerShell session:

Import-Module ActiveDirectory

To find the last logon time for the domain administrator account, run the command:

Get-ADUser -Identity administrator -Properties LastLogon

The cmdlet returned the time in Timestamp format. To convert it to normal time use the following command:

Get-ADUser -Filter {Name -eq "administrator"} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}

Image may be NSFW.
Clik here to view.
powershell get last logged on user

Using PowerShell, you can display Lastlogon time for all enabled domain users:

Get-ADUser -filter {enabled -eq $true} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}|Sort-Object LastLogon -Descending

Image may be NSFW.
Clik here to view.
last logon time active directory

Or you can find users who are inactive for more than 90 days:

$date1= (Get-Date).AddDays(-90)

Get-ADUser -Properties LastLogonDate -Filter {LastLogonDate -lt $date1} | ft

The post How to Find Active Directory User’s/Computer’s Last Logon Time? appeared first on TheITBros.


Viewing all articles
Browse latest Browse all 91

Trending Articles