Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How can I tell when users log into our domain?

Status
Not open for further replies.
shakatak

shakatak

Technical User
Aug 13, 2006
67
US
Out manager wants to know when certain users log into our domain so I was wondering if there was a log that keeps track of the date/time/computer that a users logs onto? any help would be appreciated.
 
Sort by date Sort by votes
Yep. That information is tracked in the security log of the domain controller that the user authenticates against.

You could add a startup script to log this data into a more usable place such as a SQL database.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
I looked in the security log but I do not see the user names. I only see ANONYMOUS LOGON, SYSTEM, and a few machine names. I need to find out what time certain users logs into the domain.
 
Upvote 0 Downvote
You may not have the auditing turned on which logs this data. Check your GPOs.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
As MrDenny suggested, a login script could easily capture this information.

You should use a database since it will better scale. Here is a simple example writing to a text file.

Code: 
Const ForAppending = 8
Set WSHNetwork = CreateObject("Wscript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
UserName = WSHNetwork.UserName
ComputerName = WSHNetwork.ComputerName

Set LogInfo = objFSO.OpenTextFile ("LoginTracking.txt", ForAppending)
LogInfo.WriteLine UserName & " logged into computer: " & ComputerName & " at " & Now
LogInfo.Close

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
There is a LastLogon property that is maintained on each domain controller in your AD. The following VBscript will enumerate all domain controllers for the time stamp for any user you choose. You will get multiple logon times on each domain controller, as this property is not replicated between DCs.

You will have to change one part of the code to customize it for your domain.
Change line 11 in the code section to your doamain LDAP path.
<LDAP://dc=yourdomain,dc=com>

Copy this code into notepad(with word wrap off) and name the file with the .vbs extension. Click to launch and enter the user logon name you wish to enumerate.
Code: 
'* FileName:  LastLogon.vbs
'*=============================================================================
'* Script Name: [LastLogon]
'* Created:     [4/06/05]
'* Author:      Jesse Hamrick
'* Company:     XXXXXXXXXXXXXXXXXXXXXXXXXXXX
'* Email:       JHmarick@whokilledkenny.net
'* Web:         [URL unfurl="true"]http://www.whokilledkenny.net[/URL]
'* Reqrmnts:    
'* Keywords:    
'*=============================================================================
'* Purpose:    Verifies a users last domain logon time. 
'*              
'*              
'*=============================================================================
'*=============================================================================
'* DECLARE VARIABLES
'*=============================================================================
'* Use sAMAccountName to get user DN
Dim strUser, strSAM, StrDN

'*=============================================================================
'* Code
'*=============================================================================

'* Use sAMAccountName to get user DN
strUser = InputBox("Enter user logon name.")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

objCommand.CommandText = _
    "<LDAP://dc=yourdomain,dc=com>;" & _
    "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName="& strUser & "));" & _
    "sAMAccountName, distinguishedName;subtree"


Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
   WScript.Echo "The User Account " & Chr(34) & strUser & Chr(34) & _
   " does not exits in the Domain"
Else
    While Not objRecordset.EOF
        strSam = objRecordset.Fields("sAMAccountName")
        strDN = "/" & objRecordset.Fields("distinguishedName")
        objRecordset.MoveNext
        WScript.Echo "Logon Account: " & strSAM
        WScript.Echo "AD Object Path: " & StrDN
    Wend
    End If
    objConnection.Close
'End If

'CODE to query all Domain Controllers for last logon.
On Error Resume Next
dtmLatestLogon = #1/1/1601#

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colTimeZone = objWMIService.ExecQuery("Select * From Win32_TimeZone")
For Each objTimeZone In colTimeZone
	intTimeZoneBias = objTimeZone.Bias
	intDaylightBias = objTimeZone.DaylightBias
Next

Const ADS_SCOPE_SUBTREE = 2

Set objRootDSE = GetObject("LDAP://RootDSE")
strConfigurationNC = objRootDSE.Get("ConfigurationNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT ADsPath FROM 'LDAP://" & strConfigurationNC & "'WHERE objectClass ='nTDSDSA'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
	Set objParent = GetObject(GetObject(objRecordSet.Fields("ADsPath")).Parent)
	strDCName = objParent.dnsHostName
	Set objUser = GetObject("LDAP://" & strDCName & strDN)
		
	Set objLastLogon = objUser.Get("lastlogon")
	
	intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
	intLastLogonTime = intLastLogonTime / (60 * 10000000)
	intLastLogonTime = intLastLogonTime / 1440
	
	dtmLastLogon = intLastLogonTime + #1/1/1601#
	dtmLastLogon = DateAdd("n", intTimeZoneBias, dtmLastLogon)
	dtmLastLogon = DateAdd("n", intDaylightBias, dtmLastLogon)
	
	If dtmLastLogon > dtmLatestLogon Then
		dtmLatestLogon = dtmLastLogon
		WScript.Echo "Last Logon: " & dtmLatestLogon
	End If
	
	objRecordSet.MoveNext
Loop

objConnection.Close 

'*=============================================================================
'* END OF SCRIPT:
'*=============================================================================
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC &amp; Adding back to our Network
Replies
0
Views
228
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
413
goombawaho
goombawaho
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
253
microsGuy16
microsGuy16
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
149
ADB100
ADB100
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
370
fredmartinmaine
fredmartinmaine

Part and Inventory Search

Sponsor

Back
Top