How to Find a User's Last Logon Time

Different methods of finding a user's last logon time: the AD Users and Computers Attribute Editor, PowerShell, and commercial Active Directory management, automation, and audit tools.

Jan 4, 2023 - 11:39
Feb 20, 2023 - 13:58

It is important to keep an eye on user logon activities to avoid security breaches by catching and preventing any unauthorized user access.

It is one of the main responsibilities of a system administrator to keep the organization's IT environment secure, and it is very important to audit users' activities to minimize the risk of unauthorized login attempts.

1. Active Directory Users and Computers Attribute Editor

When a user logs on to a computer, the logon time is stored in the “Last-Logon-Timestamp” attribute, which can be viewed in Active Directory Users and Computers.

Step 1 - Open "Active Directory Users and Computers" and click on the "View" tab. "Advanced Features" must be turned on.

Step 2 - Browse to any user account, open it, and open the "Attribute Editor" tab.

Step 3 - Scroll down to find the "lastLogon" attribute, and you are done.

Warning: The "lastLogon" attribute is not replicated between Domain Controllers, so if you have multiple Domain Controllers in the IT environment you have to check all of them.

2. PowerShell

Quick Link to PowerShell Script:

powershell/remove_browsers.ps1 at main · kbsuperuser/powershell (github.com)

Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp | Select-Object Name, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_HH:mm:ss')}}

  • Save the command above as a ".ps1" file and open it in PowerShell ISE. Running it only displays the results. If you want to export and save the query results, you need to add "Export-Csv" to the end, so it should look like this:

Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp | Select-Object Name, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_HH:mm:ss')}} | Export-Csv -Path "C:\lastlogon.csv" -NoTypeInformation

-------*******-------

<#
.SYNOPSIS
    Get Last Logon Times of the Users
.DESCRIPTION
    This PowerShell script gets AD users' last logon times and exports the results to a CSV file. Update the destination of the CSV file.
.EXAMPLE
    PS> ./last_logon

.LINK
    https://github.com/kbsuperuser/powershell
.NOTES
    Author: kbsuperuser.com | License: CC0
#>

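# Read lastLogonTimestamp for every enabled user, convert it from FILETIME to a readable date, and export it to CSV.
Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp | Select-Object Name, @{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_HH:mm:ss')}} | Export-Csv -Path "C:\lastlogon.csv" -NoTypeInformation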

-------*******-------
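
The warning in section 1 applies to scripts as well: "lastLogon" is kept separately on each Domain Controller, while "lastLogonTimestamp" is replicated but can lag by up to about 14 days by default. The following is an added example, not part of the original script or the kbsuperuser repository; it asks every Domain Controller for "lastLogon" and keeps the newest value per user. The output path C:\lastlogon_all_dcs.csv is an assumption.

```powershell
# Added example: resolve each enabled user's most recent logon across all DCs.
# Requires the ActiveDirectory module (RSAT) and read access to every DC.
Import-Module ActiveDirectory

$latest = @{}   # sAMAccountName -> newest lastLogon value seen so far

foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # lastLogon is not replicated, so each DC must be queried directly.
        $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogon `
                     -Server $dc.HostName -ErrorAction Stop
    }
    catch {
        # An unreachable DC means the report may be incomplete; say so.
        Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
        continue
    }

    foreach ($u in $users) {
        $stamp = [int64]($u.lastLogon)      # a missing value becomes 0
        if (-not $latest.ContainsKey($u.SamAccountName) -or
            $stamp -gt $latest[$u.SamAccountName].Stamp) {
            $latest[$u.SamAccountName] = [pscustomobject]@{
                Name  = $u.Name
                Stamp = $stamp
                DC    = $dc.HostName
            }
        }
    }
}

$latest.GetEnumerator() | ForEach-Object {
    $v = $_.Value
    [pscustomobject]@{
        SamAccountName = $_.Key
        Name           = $v.Name
        # 0 means no queried DC has recorded a logon for this account.
        LastLogon      = if ($v.Stamp -gt 0) {
                             [DateTime]::FromFileTime($v.Stamp).ToString('yyyy-MM-dd HH:mm:ss')
                         } else { 'Never' }
        SourceDC       = $v.DC
    }
} | Sort-Object LastLogon |
    Export-Csv -Path 'C:\lastlogon_all_dcs.csv' -NoTypeInformation   # assumed path
```

Accounts that sort to the end with "Never", or with dates far in the past, are the ones to review as stale or unused.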

3. Commercial Active Directory Tools

There are lots of paid and free commercial tools for Active Directory automation. Most of the free tools provide limited features, but they are still useful. Paid tools, on the other hand, are very useful and save time.

Some of the tools that can be used:

  1. SolarWinds Admin Bundle for Active Directory
  2. ManageEngine ADManager Plus
  3. Adaxes from Softerra
  4. Quest Active Administrator 
  5. Spiceworks AD Management Tool 
  6. Anturis Active Directory Monitor 
  7. ENow Active Directory Monitoring and Reporting
  8. AD Fast Reporter
