Wednesday, October 6, 2010

Last Logon on Domain controllers

My PL  given me the requirement to find the last logon for each user on the domain.

There is a simple utility in windows resource kit that does this work.

usrstat.exe :-- This command-line tool displays the username, full name, and last logon date and time for each user in a given domain.

you can download this utility from the below link

http://www.petri.co.il/download_free_reskit_tools.htm

3 comments:

  1. I made a tool for finding unused user and computer accounts in AD that will also show you this information (and its not command line). If its of any use to you, you can find it here: http://www.cjwdev.co.uk/Software/ADTidy/Info.html
    Oh and its completely free :)

    ReplyDelete
  2. Nice Script that will do the JOB

    ' Assign Variables

    Dim DomainString, fso, DomianObj, UserDel, C, Code
    Dim ChkLast, UserObj, Flag, s

    ' Create Object for File System Access

    set fso = CreateObject ("Scripting.FileSystemObject")

    ' Set Domain Name
    DomainString = "domain" 'Modify this line or this script wont work

    ' Open ADSI and connect to Domain user data

    Set DomainObj = GetObject("WinNT://" & DomainString)
    DomainObj.Filter = Array("user")

    ' Insure that file does not already exist
    IF fso.FileExists ("show_user_account_info.txt") THEN
    set USERDel = fso.GetFile ("show_user_account_info.txt")
    USERDel.Delete
    End IF

    ' Create File in temp directory
    set C = fso.CreateTextFile ("d:\show_user_account_info_stolt.txt", True)

    on error resume next
    ' Add collumn headings to new file
    C.WriteLine "Name" & vbTab & "FullName" & vbTab & "Description" & _
    vbTab & "LastLogin" & vbTab & "PasswordExpirationDate" & _
    vbTab & "IsAccountLocked" & vbTab & "Class" & vbTab & "UserFlags"

    ' List all users
    For Each UserObj In DomainObj
    ChkLast = UserObj.LastLogin ' ChkLast is used to determine the last logon time.
    IF UserObj.UserFlags 661103 Then
    s = UserObj.name
    s = s & vbTab
    s = s & UserObj.FullName
    s = s & vbTab
    s = s & UserObj.Description
    s = s & vbTab
    s = s & UserObj.LastLogin
    s = s & vbTab
    s = s & UserObj.PasswordExpirationDate
    s = s & vbTab
    s = s & UserObj.IsAccountLocked
    s = s & vbTab
    s = s & UserObj.Class
    s = s & vbTab

    ' Convert Flags to more undersandable terms.
    Flag = UserObj.UserFlags
    IF Flag = 66113 THEN
    Code = "Password never expires and user cannot change password"
    ELSEIF Flag = 8389123 THEN
    Code = "Disabled"
    ELSEIF Flag = 577 THEN
    Code = "Account is not setup right, login not possible"
    ELSEIF Flag = 515 THEN
    Code = "Account is disabled and user must change password at next logon"
    ELSEIF Flag = 513 THEN
    Code = "User is active"
    ELSEIF Flag = 66049 THEN
    Code = "Password Does Not expire"
    ELSE
    Code = "Unknown Code = " & UserObj.UserFlags
    END IF

    s = s & CHR (34) & Code & CHR (34)
    C.WriteLine s ' Write new line to file.
    End IF
    Next ' Repeat for all users
    Wscript.Quit

    ReplyDelete