lastlogon question

G

Guest

I am trying to write a (c#) script to query all DCs in a W2K domain, to
search for users and computers that haven't logged on for a certain number
of days.

The difficulty is that I have learned that there are three possible states
for the lastlogon attribute of a user/computer container:

1) A large integer that represents a datetime.
2) A value of zero which translates into 12/31/1600 (?)
3) No attribute in the container for the lastLogon.

I am puzzled by what causes an entry of #2 as opposed to #3. I assume both
#2 and #3 mean the user/computer hasn't used the DC being queried as a
LogonServer.

The existence of #3 makes a filtered query (that doesn't query/parse the
entire AD) more difficult for each of the 27 DCs I must query to get
authoritative information.

I have seen the RealLastLogon product, but it doesn't do computer objects,
only users. I just hope we get to Windows 2003 AD soon!!

Any advice/wisdom appreciated!

--Alex
 
J

Jerold Schulman

I am trying to write a (c#) script to query all DCs in a W2K domain, to
search for users and computers that haven't logged on for a certain number
of days.

The difficulty is that I have learned that there are three possible states
for the lastlogon attribute of a user/computer container:

1) A large integer that represents a datetime.
2) A value of zero which translates into 12/31/1600 (?)
3) No attribute in the container for the lastLogon.

I am puzzled by what causes an entry of #2 as opposed to #3. I assume both
#2 and #3 mean the user/computer hasn't used the DC being queried as a
LogonServer.

The existence of #3 makes a filtered query (that doesn't query/parse the
entire AD) more difficult for each of the 27 DCs I must query to get
authoritative information.

I have seen the RealLastLogon product, but it doesn't do computer objects,
only users. I just hope we get to Windows 2003 AD soon!!

Any advice/wisdom appreciated!

--Alex
MSDN says:

LastLogon
The last time the user logged on. This value is stored as a large integer that represents the number of 100 nanosecond intervals since January 1, 1601 (UTC). A value of zero means that the last logon time is unknown.

See tip 8079 in the 'Tips & Tricks' at http://www.jsiinc.com




Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
P

Paul Bergson

I have this written in vbs if you are interested. It outputs it to a ssv
(semi-colon separated file) and I import into Excel.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top