Last logon script

Status
Not open for further replies.

juniper911

Technical User
Mar 7, 2007
181
GB
I know this may have been asked, but can someone provide me with a link? I am after a script that tells me the last logon date for users. I have a mix of W2K and W3K DCs. It does not have to be that customizable.

thanks
 
Give this a try:

Code:
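' Bind to the user object; replace the DN with the user's own distinguishedName.
Set objUser = GetObject _
    ("LDAP://CN=JSmith,OU=TSP Users,DC=thespidersparlor,DC=local")

' lngBias is the time zone bias in minutes. It is never looked up here,
' so it stays 0 and the result is reported in UTC.
lngBias = 0

On Error Resume Next
' lastLogon is a 64-bit count of 100-nanosecond intervals since 1/1/1601.
Set objDate = objUser.lastLogon
If (Err.Number <> 0) Then
    lastLogonDate = "Error Encountered Getting Last Logon Information:"
Else
    lngHigh = objDate.HighPart
    lngLow = objDate.LowPart
    ' LowPart is read as a signed 32-bit value; carry into HighPart when negative.
    If (lngLow < 0) Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0 ) Then
        ' A value of 0 means no logon is recorded on this DC.
        lastLogonDate = #1/1/1601#
    Else
        ' 600000000 intervals per minute, 1440 minutes per day.
        lastLogonDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow)/600000000 - lngBias)/1440
    End If
End If

WScript.Echo "Last Logon: " & lastLogonDate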

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
cheers, Mark I will try it and let you know how I get on.

thanks again...
 
There is a great little app called NetPWAge.exe. You can use this to generate a list of users who have not reset their passwords for a set period of time. If you have a policy that states users have to change their password every 90 days, you can tell that any accounts that have not reset their passwords over this period are inactive... Also works for computer accounts as well. Remember to remove DCs from the list, as their computer objects don't change their passwords like member servers / workstations...

 
More concise version thanks to the Microsoft Scripting Guys.

Code:
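' Bind to the user on a specific DC (server name, then the user's DN).
Set objUser = GetObject _
    ("LDAP://tspserver.thespidersparlor.local/CN=Mark D. MacLachlan,OU=TSP Users,DC=thespidersparlor,DC=local")


' Errors are suppressed: if lastLogon cannot be read, the value stays 0
' and the script prints 1/1/1601.
On Error Resume Next
Set objLastLogon = objUser.Get("lastLogon")

' 100-nanosecond intervals -> minutes -> days since 1/1/1601.
intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440

Wscript.Echo "Last logon time: " & intLastLogonTime + #1/1/1601#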

Check out their article on this:

Note that you can query lastLogonTimestamp, which is a property that gets replicated between DCs. lastLogon does not replicate, so you would need to query each DC and put the data for each user into a dictionary or array after comparing to see which date was newer.

In my home network I only have a single Windows 2003 DC and the lastLogonTimestamp was NOT as accurate as the lastLogon, so I am going with that.

I hope you find this post helpful.

Regards,

Mark
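
The per-DC comparison described in the post above, as an added example that is not part of the original thread and is written in Python rather than the thread's VBScript. It joins HighPart/LowPart with the signed-LowPart correction, treats 0 as "no logon recorded", and keeps the newest value per user; the DC names, account names and values in SAMPLE are constructed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_ticks(high_part, low_part):
    """Join ADSI HighPart/LowPart into one count of 100 ns intervals."""
    # ADSI hands back LowPart as a signed 32-bit number. Masking restores the
    # unsigned value; this equals the "lngHigh + 1 when lngLow < 0" correction.
    return (high_part << 32) | (low_part & 0xFFFFFFFF)

def ticks_to_utc(ticks):
    """UTC datetime for a tick count, or None for 0 (no logon recorded)."""
    if ticks <= 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def newest_logon(per_dc):
    """per_dc: {dc_name: {user: (HighPart, LowPart)}} -> {user: (utc, dc)}."""
    best = {}
    for dc, users in per_dc.items():
        for user, (high, low) in users.items():
            ticks = to_ticks(high, low)
            # Keep the largest tick count seen for this user across all DCs.
            if user not in best or ticks > best[user][0]:
                best[user] = (ticks, dc if ticks > 0 else None)
    return {u: (ticks_to_utc(t), dc) for u, (t, dc) in best.items()}

# Constructed sample values, as if read from two DCs (names are placeholders).
SAMPLE = {
    "dc01": {"jsmith": (29874980, 1931345920), "svc_old": (0, 0)},
    "dc02": {"jsmith": (29875818, -1546215424), "svc_old": (0, 0)},
}

if __name__ == "__main__":
    for user, (when, dc) in sorted(newest_logon(SAMPLE).items()):
        print(user, when.isoformat() if when else "never", dc or "-")
```

Skipping the LowPart correction on the dc02 value would put the result 2^32 intervals (about 7 minutes) early.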

 
And for my last trick....

Here is a more robust version. Just execute it and it will prompt for the user name to query. It will also ask if you want to query the lastLogon or lastLogonTimestamp.

Code:
'==========================================================================
'
' NAME: GetLastLogonTime.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 8/14/2007
' COPYRIGHT (c) 2007 All Rights Reserved
'
' COMMENT: 
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'==========================================================================

strUser = InputBox("Enter User Login Name To Return Last Logon Information","Which User?")
choice = InputBox("Use lastLogon or lastLogonTimeStamp?" & vbCrLf & "1 = lastLogon (no replication between DCs)" & _ 
         vbCrLf & "2 = lastLogonTimeStamp (replicates between DCs)","Select query type.")
userDN = "LDAP://" & SearchDistinguishedName(strUser)

Set objUser = GetObject(userDN)

On Error Resume Next

' InputBox returns a string, so the cases are string literals.
Select Case Trim(choice)
	Case "1"
		Set objLastLogon = objUser.Get("lastLogon")
	Case "2"
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
End Select

intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart 
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440

MsgBox "User "& strUser & " last logon time: " & intLastLogonTime + #1/1/1601#

Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
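    ' vSAN goes into the LDAP filter exactly as typed; characters such as
    ' * ( ) \ are not escaped, so enter a plain login name only.
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"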
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

I hope you find this post helpful.

Regards,

Mark

 
Also note that lastlogontimestamp is not available under W2K, so you have to run against each DC, which is a pain. That's why I used the netpwage.exe tool, much easier.
 
Mark, the first script you gave I am having trouble with (not too clever with scripts)

Set objUser = GetObject _
("LDAP://CN=JSmith,OU=TSP Users,DC=thespidersparlor,DC=local")


On Error Resume Next
Set objDate = objUser.lastLogon
If (Err.Number <> 0) Then
lastLogonDate = "Error Encountered Getting Last Logon Information:"
Else
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0 ) Then
lastLogonDate = #1/1/1601#
Else
lastLogonDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 - lngBias)/1440
End If
End If

WScript.Echo "Last Logon: " & lastLogonDate

It just says "Error Encountered Getting Last Logon Information". I am trying to do this on W2K3 DC. The script from the script guys at MS says last logon time 01/01/1601!!

This is what I am using

Set objUser = GetObject _
("LDAP://acmedc01.company.local")


On Error Resume Next
Set objLastLogon = objUser.Get("lastLogon")

intLastLogonTime = objLastLogon.HighPart * (2^32) + objLastLogon.LowPart
intLastLogonTime = intLastLogonTime / (60 * 10000000)
intLastLogonTime = intLastLogonTime / 1440

Wscript.Echo "Last logon time: " & intLastLogonTime + #1/1/1601#
 
You need to modify the distinguishedname for the user. So you have to replace the following:
("LDAP://CN=JSmith,OU=TSP Users,DC=thespidersparlor,DC=local")

The last script I posted eliminates this need. It will ask you for a user login name to check.

I hope you find this post helpful.

Regards,

Mark

 