It strikes me that y'all are trying to cobble together a bicycle. Why
not use a car?
AD Toolkit from Javelina Software has last logon as one of many
pre-configured reports.
You run it against and OU or entire domain and it returns last logon
info as well as which DC handled it.
Saving a report as a CSV file is also a standard option.
I sometime use it for machine account last logon info to find those
which may have left with Elvis.
See http://www.javelinasoftware.com/advantage.html
Michael J. Miller
Computing Services
College of Veterinary Medicine, UIUC
_________________________________________________________________
joe wrote:
You may want to test this in your environment, but from an efficiency
standpoint, with this query you may want to trim it all the way down
to sAMAccountName=username
This is an odd one because objectcategory and samaccountname are both
indexed so the QP has to decide which index to use based on some
internal logic. From what I have experienced it usually chooses
objectcategory probably because it will have fewer values than
samaccountname. However in this case samaccountname is "guaranteed" to
be unique so it can go directly to the object in question. Whereas
with objectcategory it will have to visit all of the person objects.
Another alternative would be to try and stick the sAMAccountName
portion of the query at the very beginning of the query which seems to
push that index into being used from what I have seen. I don't agree
that reversing the filter like that should cause this to happen but it
seems to which is why if I have multiple indexed attributes in an AND
query I try to stick with putting the most specific one at the front.
Why it all works this way I have some ideas but honestly, the QP
specifics are something that should come from someone with more
intimate knowledge of the QP code like ~Eric or someone else who has
spent 14 hour days in that specific section of the code. It would make
great blog entries I think... I would also buy the book but I think
that would be an extremely limited audience and probably not worth
writing as a whole official book. :)
You can experiment with this, assuming you are basically an Admin on
your DCs with the -stats+only switch in ADFIND like so:
adfind -b some_base_dn -f "somefilter" -dn -stats+only
*Initial Query*
Elapsed Time: 0 (ms)
Returned 1 entries of 16 visited - (6.25%)
Used Filter:
( & (objectClass=user)
(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc)
(sAMAccountName=$joe) )
Used Indices:
idx_objectCategory:16:N
*Query Reversed*
Elapsed Time: 0 (ms)
Returned 1 entries of 1 visited - (100.00%)
Used Filter:
( & (sAMAccountName=$joe) (objectClass=user)
(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc) )
Used Indices:
idx_sAMAccountName:1:N
*Query chopped*
Elapsed Time: 0 (ms)
Returned 1 entries of 1 visited - (100.00%)
Used Filter:
(sAMAccountName=$joe)
Used Indices:
idx_sAMAccountName:1:N
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Chong Ai Chung
*Sent:* Wednesday, August 16, 2006 3:34 AM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Find last logon for ID
You can get this information using adfind:
adfind -b dc=domaname,dc=com -f
"(&(Objectclass=user)(Objectcategory=person)(samaccountname=username))" lastlogontimestamp
-tdc
If you are looking for script, you can refer to following Script
Center article:
http://www.microsoft.com/technet/scriptcenter/topics/win2003/lastlogon.mspx
Regards,
Ai chung
On 8/16/06, *Tashildar, Dinesh (Cognizant)*
<[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Does anyone know script to get last logon stamp for active
directory user?
This e-mail and any files transmitted with it are for the sole use
of the intended recipient(s) and may contain confidential and
privileged information.
If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies of the original message.
Any unauthorised review, use, disclosure, dissemination,
forwarding, printing or copying of this email or any action taken
in reliance on this e-mail is strictly
prohibited and may be unlawful.
Visit us at http://www.cognizant.com <http://www.cognizant.com/>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
