Security Basics mailing list archives
Re: Question about Active Directory and last time user has logged on
From: James Fryman <james () frymanet com>
Date: Tue, 04 Sep 2007 13:23:24 -0500
Just to add a bit....If you are running a 2003 native environment, the LDAP schema /lastLogonTimestamp/ can be queried, and is replicated to all domain controllers. If you are doing a historical search, this might be the quickest and easiest way to go. However, if you need up to the second information, you will need to query all DC's in the domain for the /lastLogon/ schema value.
This could save you a few minutes of time and get you a quick answer if the right conditions exist.
gjgowey () tmo blackberry net wrote:
A little vbscript that does an adsi query to get all the controllers then queries each one preserving the newest date can solve this. 15 lines of code maybe. Sent from my BlackBerry wireless handheld. -----Original Message----- From: "Roger A. Grimes" <roger () banneretcs com>Date: Fri, 31 Aug 2007 16:31:57 To:<jasonr_22 () hotmail co uk>, <security-basics () securityfocus com>Subject: RE: Re: Question about Active Directory and last time user has logged on Of course you still have to find the domain controller the person lastlogged on to collect the event.Roger ******************************************************************Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...*email: roger_grimes () infoworld com or roger () banneretcs com *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470 101555 ***************************************************************** -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jasonr_22 () hotmail co uk Sent: Friday, August 31, 2007 7:32 AM To: security-basics () securityfocus com Subject: Re: Re: Question about Active Directory and last time user has logged on Or enable auditing in Group policy for sucessful logins and you dont have to spend a penny. Regards, Jason
Current thread:
- Re: Re: Question about Active Directory and last time user has logged on gjgowey (Sep 04)
- Re: Question about Active Directory and last time user has logged on James Fryman (Sep 04)