Using ADSIedit, I examined the Schema for CN=Computer and it does not have an entry for lastLogon so... does that mean that we would need to add it to the Schema and then would start populating from the DC's?
Rick J. Jones -----Original Message----- From: Merry, Joel (US - Philadelphia) [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 9:05 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details If you extract the actual user account associated with the computer (e.g.: CN=TestComputer$,CN=Computers,DC=domain,DC=com) from each of the domain controllers you'll get the lastLogon value. -Joel -----Original Message----- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 11:53 AM To: [EMAIL PROTECTED] I have yet to get LDP to give me any sort of data for an account, the documentation is less then forthcoming on using it. When I do the following in VB6; For Each DC In DCList Set objComputer = GetObject("LDAP://"; & DC & "/" & DN) objComputer.GetInfo LogonCount = 0 LogonCount = objComputer.Get("logonCount") logonCountTotal = logonCountTotal + LogonCount lastLogon = objComputer.Get("lastLogon") debug.prinnt Server & vbtab & LogonCount & vbtab & lastLogon Next I get a successful retrieval of the LogonCount but the lastLogon produces a runtime error '438' Object doesn't support this property or method on every DC. So.... either I am doing something wrong or "lastLogon" is not on any of the computer accounts. Rick J. Jones -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details There might be two reasons for that: 1. The DC you are looking on has never authenticated those computers. Have a look at the other DCs in the domain. 2. You can't see the attribute values with tool you are using. Try with LDP or ADSIEdit. The computer class inherits all the attributes of the user class, so the attributes should be present. This is the reason why, if you perform an ldap search for (objectClass=User), you see computer objects returned in the result. The way around this is to include the objectCategory, e.g. (&(objectClass=User)(objectCategory=Person)) will return only User objects. Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jones, Rick J.(Desktop Engineering) Sent: Friday, March 28, 2003 4:06 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details What I have found is that those entries are empty on a computer account, a user account is different but the computer account seems to not have anything in those set at all on any of the DCs. Rick J. Jones -----Original Message----- From: Tony Murray [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 11:57 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] Last Logon Details Rick That's a tricky one. There are two attributes (pwdLastSet and lastLogon) that could help you. The unfortunate thing is that these attributes are not replicated between DCs. This means that in order to get up-to-date information you need to query every DC in the domain. This may be ok for small environments, but is impractical for organisations with larger infrastructures. Things improve with Windows Server 2003 AD with the introduction of the lastLogonTimestamp attribute which *is* replicated and gives an approximate time of the last logon. It's approximate because it is only updated at 1 week intervals (to cut down on replication traffic). This feature requires the Windows Server 2003 domain functional level. Some further info here. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodt echnol/windowsserver2003/proddocs/server/dsadmin_concepts_accounts.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschem a/ad/win2k3only_a_lastlogontimestamp.asp Tony -----Original Message----- From: Jones, Rick J.(Desktop Engineering) [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. M�rz 2003 00:18 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Last Logon Details Hi; I am trying to retrieve the last logon account information for a specific computer account from Active Directory. Does anyone have a script to do this? Or... If you have another way to determine when the system last logged onto the network. This is so we can verify that the account is an active entry. Rick J. Jones List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ - This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. - If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. ----------------------------------------------------------------------- This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
