Rick That's a tricky one. There are two attributes (pwdLastSet and lastLogon) that could help you. The unfortunate thing is that these attributes are not replicated between DCs. This means that in order to get up-to-date information you need to query every DC in the domain. This may be ok for small environments, but is impractical for organisations with larger infrastructures.
Things improve with Windows Server 2003 AD with the introduction of the lastLogonTimestamp attribute which *is* replicated and gives an approximate time of the last logon. It's approximate because it is only updated at 1 week intervals (to cut down on replication traffic). This feature requires the Windows Server 2003 domain functional level. Some further info here. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/server/dsadmin_concepts_accounts.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad/win2k3only_a_lastlogontimestamp.asp Tony -----Original Message----- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. M�rz 2003 00:18 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details Hi; I am trying to retrieve the last logon account information for a specific computer account from Active Directory. Does anyone have a script to do this? Or... If you have another way to determine when the system last logged onto the network. This is so we can verify that the account is an active entry. Rick J. Jones List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
