Security Basics mailing list archives

Re: Question about Active Directory and last time user has logged on


From: James Fryman <james () frymanet com>
Date: Tue, 04 Sep 2007 13:23:24 -0500

Just to add a bit....

If you are running a 2003 native environment, the LDAP schema /lastLogonTimestamp/ can be queried, and is replicated to all domain controllers. If you are doing a historical search, this might be the quickest and easiest way to go. However, if you need up-to-the-second information, you will need to query all DCs in the domain for the /lastLogon/ schema value.

This could save you a few minutes of time and get you a quick answer if the right conditions exist.

gjgowey () tmo blackberry net wrote:
A little VBScript that does an ADSI query to get all the controllers then queries each one preserving the newest date can solve this.  15 lines of code maybe.

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Roger A. Grimes" <roger () banneretcs com>

Date: Fri, 31 Aug 2007 16:31:57
To: <jasonr_22 () hotmail co uk>, <security-basics () securityfocus com>
Subject: RE: Re: Question about Active Directory and last time user has logged on


Of course you still have to find the domain controller the person last
logged on to collect the event.
Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley)
*http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
*****************************************************************


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of jasonr_22 () hotmail co uk
Sent: Friday, August 31, 2007 7:32 AM
To: security-basics () securityfocus com
Subject: Re: Re: Question about Active Directory and last time user has
logged on


Or enable auditing in Group policy for successful logins and you don't
have to spend a penny.

Regards,

Jason
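
The approach discussed in this thread (ask every domain controller for the non-replicated lastLogon, keep the newest value, and show the replicated lastLogonTimestamp alongside it), as an added PowerShell example that is not code from any poster in the thread. It assumes the ActiveDirectory RSAT module and read access to each DC; the function name Get-TrueLastLogon and the account name jdoe are hypothetical.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName   # account to look up
    )

    $newest      = 0L      # highest lastLogon FILETIME seen on any DC
    $sourceDc    = $null   # DC that reported that value
    $replicated  = 0L      # lastLogonTimestamp (replicated, so it can lag)
    $unreachable = @()     # DCs that could not be queried

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                     -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
        } catch {
            # A DC we could not query may hold the newest logon; report it
            # so the result is not mistaken for a complete answer.
            $unreachable += $dc.HostName
            continue
        }

        # lastLogon is per-DC: empty or 0 means the user never authenticated here.
        if ($u.lastLogon -gt $newest) {
            $newest   = [long]$u.lastLogon
            $sourceDc = $dc.HostName
        }
        if ($u.lastLogonTimestamp -gt $replicated) {
            $replicated = [long]$u.lastLogonTimestamp
        }
    }

    # Both attributes are Windows FILETIME values (100 ns ticks since 1601-01-01 UTC).
    [pscustomobject]@{
        SamAccountName        = $SamAccountName
        LastLogonUtc          = if ($newest)     { [DateTime]::FromFileTimeUtc($newest) }     else { $null }
        LastLogonDC           = $sourceDc
        LastLogonTimestampUtc = if ($replicated) { [DateTime]::FromFileTimeUtc($replicated) } else { $null }
        UnreachableDCs        = $unreachable
    }
}

Get-TrueLastLogon -SamAccountName 'jdoe'   # 'jdoe' is a placeholder account name
```

LastLogonDC also answers the point raised further down the thread: it names the controller whose Security log holds the matching logon event.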

