
Active Directory: VBscript to enumerate the last logon of all AD users and a lot of user attributes V2

This script is a further development of my previous lastlogon script.
Changes: the time zone bias is read through WMI, there is less code, and the attributes are held in an array.
Adding extra attributes to the arrAttributes array expands the output.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\enumerate-lastlogon-details2.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript enumerate-lastlogon-details2.vbs” (without quotes) and press Enter

The script:

' Name : enumerate-lastlogon-details2.vbs
' Description : script to enumerate the last logon of all AD users and a lot of user attributes V2
' Author : dirk adamsky - deludi bv
' Version : 2.00
' Date : 12-03-2010
' Level : advanced

intBias = TimeZoneBias
arrAttributes = Array("lastLogonTimeStamp","displayname","mail")

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = Join(arrAttributes,",")
Wscript.Echo Join(arrAttributes,";")
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	On Error Resume Next
	strTempOutput = ""
	For i = 1 To Ubound(arrAttributes)
		strTempOutput =  strTempOutput & " ; " & adoRecordset.Fields(arrAttributes(i)).Value
		strOutput = Mid(Ltrim(strTempOutput),3)
	Next
	Set objDate = adoRecordset.Fields(arrAttributes(0)).Value
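	If (Err.Number <> 0) Then	' lastLogonTimeStamp could not be read for this account
		dtmDate = #1/1/1601#
	Else	' 100-ns ticks -> minutes, minus the bias in minutes, -> days since 1-1-1601
		dtmDate = ((((objDate.HighPart * (2^32)) + objDate.LowPart) / 600000000 - intBias) / 1440) + #1/1/1601#
	End If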
	Set objDate = Nothing
	Wscript.Echo strOutput & " ; " & dtmDate
	adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

Function TimeZoneBias
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
	For Each objTimeZone in colTimeZone
		TimeZoneBias = objTimeZone.Bias
	Next
	Set colTimeZone = Nothing
	Set objWMIService = Nothing
End Function

If you have problems or questions, please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV



  • 21 Responses so far.

    1. [...] by creating a script that was a combination of earlier scripts. The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users [...]

    2. [...] I made a new lastlogonscript, it can be found here. This script is based on the lastlogon script by Richard L. Mueller. Added is an enumeration of 30 [...]

    3. Aaron says:

      Hi,

      The other day I came across an equally helpful write up on True Last Logon and I thought I’d share it with you. By the way, there are free Active Directory Reporting Tools out there with which you can determine the true last logon of domain user and computer accounts. I thought I would share it with you in case it can help you as well.

      Thanks,
      Aaron

    4. manimaran says:

      How can I get the AD users' lastlogon details in descending order? Please help on this.

    5. dirk adamsky says:

      Hi Manimaran,

      You can do that either in the script or after running the script.
      The latter is the easiest.
      The steps:

      1. save the script enumerate-lastlogon-details2.vbs in c:\temp
      2. open a command prompt (no admin rights needed)
      3. go to c:\temp
      4. give “cscript enumerate-lastlogon-details2.vbs > lastlogon.txt” (without the quotes)
      5. when the script is finished the result is a textfile called lastlogon.txt (in c:\temp)
      6. start excel
      7. open the textfile with excel
      8. give a semicolon as field separator sign
      9. you can now sort the data with excel

      When you want to have more user data you can add user properties to the arrAttributes array.

      Hope the above helps you finishing your work.

      Best regards,

      Dirk Adamsky

    6. WFilter says:

      How can I know the last logon IP address of a certain AD user?

    7. dirk adamsky says:

      Hi,

      The IP address is not logged in Active Directory.
      A possible solution is to add some code to your loginscript to write ip address and/or pc name to a logfile.

      Best regards,

      Dirk Adamsky – Deludi BV

    8. john says:

      The only problem with the script is that it only queries one DC. In cases where there are more than one DC, you will not have accurate logon dates for all users.

    9. dirk adamsky says:

      Hi John,

      It is not necessary to query more than one DC because the lastLogonTimeStamp attribute/value is replicated through all DCs.

      Best regards,

      Dirk Adamsky

    10. dirk adamsky says:

      Hi John,

      Some extra info:

      The lastlogon attribute is not replicated; when you use this attribute you have to query all DCs, compare the values and find the most recent one.
      The lastLogonTimeStamp attribute is replicated through all DCs so you only have to query one DC.
      The lastLogonTimeStamp attribute has a default threshold of 2 weeks, so you cannot use it for lastlogons shorter than 2 weeks ago.
      This attribute is mostly used to find accounts that are not used for a longer period (to clean up your AD).
      Here is a link with more info on the lastlogontimestamp attribute:

      http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

      Best regards,

      Dirk Adamsky
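
The conversion used in the script and the two-week threshold described in the comment above, as an added example that is not part of the original post or its comments. It rebuilds the 64-bit value from HighPart/LowPart, including the case where the signed LowPart is negative, and reports an account as unused only once the idle limit plus the update window has passed. The function names, the 60-day limit and the sample rows are constructed for illustration.

```vbscript
Option Explicit
' Added example: all names and sample values below are constructed.
Const TICKS_PER_MINUTE = 600000000   ' 100-nanosecond intervals per minute
Const UPDATE_WINDOW_DAYS = 14        ' default lastLogonTimeStamp update threshold

' Convert the HighPart/LowPart pair of an ADSI large integer to a UTC date.
' Returns Null when both parts are 0 (no logon recorded).
Function LargeIntToUtc(ByVal lngHigh, ByVal lngLow)
	If lngHigh = 0 And lngLow = 0 Then
		LargeIntToUtc = Null
		Exit Function
	End If
	' LowPart is exposed as a signed 32-bit Long. When its top bit is set it
	' reads as negative, so 2^32 is added back by carrying 1 into HighPart.
	If lngLow < 0 Then lngHigh = lngHigh + 1
	LargeIntToUtc = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / TICKS_PER_MINUTE) / 1440
End Function

' The replicated value can trail the real last logon by up to the update window,
' so an account is reported as unused only beyond the idle limit plus that window.
Function LogonStatus(dtmLogonUtc, dtmNowUtc, intMaxIdleDays)
	If IsNull(dtmLogonUtc) Then
		LogonStatus = "no logon recorded"
	ElseIf dtmNowUtc - dtmLogonUtc > intMaxIdleDays + UPDATE_WINDOW_DAYS Then
		LogonStatus = "unused"
	Else
		LogonStatus = "in use or undetermined"
	End If
End Function

Dim arrSamples, arrSample, dtmLogon, dtmNow
dtmNow = #6/1/2010#   ' fixed reference date (month/day/year) so the run is repeatable
' Constructed rows: account name, HighPart, LowPart
' (negative LowPart, positive LowPart, value of 0)
arrSamples = Array( _
	Array("alice", 30065014, -178749440), _
	Array("bob", 30075073, 1040187392), _
	Array("carol", 0, 0))
For Each arrSample In arrSamples
	dtmLogon = LargeIntToUtc(arrSample(1), arrSample(2))
	WScript.Echo arrSample(0) & " ; " & dtmLogon & " ; " & LogonStatus(dtmLogon, dtmNow, 60)
Next
```

Run it with cscript like the main script; it needs no domain connection because the rows are embedded.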

    11. Barca says:

      Hello Dirk,
      First, thank you for your effort; what you’re doing is very helpful for the lazy sysadmin like me :)
      However, by running the provided script and following your steps I don’t get any file; in fact the results are showing up in small windows with the option to click on “OK”.
      Can you please help ?

    12. dirk adamsky says:

      Hi Barca,

      From your comment I think that you invoke wscript.exe (windows version) instead of cscript.exe (command line version).
      To run a script:
      1. open a command prompt
      2. go to the directory with the script in it
      3. give ‘cscript scriptname’ (without quotes) and enter

      Best regards,

      Dirk Adamsky

    13. irshad says:

      Hi Dirk,
      Many thanks for the script, it's working fine in my domain and saves a lot of time for cleaning AD.

      Thank you so much.
      regards
      irshad

    14. dirk adamsky says:

      Hi Irshad,

      Thank you.

      Best regards,

      dirk adamsky

    15. dirk adamsky says:

      Hi Kevin,

      Maybe the WMI stack is corrupt on your machine.
      Can you run the script on another machine?

      Dirk Adamsky

    16. Peter says:

      none of your scripts work on my Win7 machine… why not?

      They throw this error:

      Windows Script Host
      Line: 55
      Char: 2
      Error: 0x80041021
      Code: 90041021
      Source: (null)

    17. Felipe says:

      Hi, I try to use the script and I got the same error above. :S Any idea to add the column with that information in AD? Thanks

    18. dirk adamsky says:

      Hi Peter,

      The scripts are built on and tested in a 2003/xp environment.
      When you have a 2003 AD with a win 7 client they should also work.
      Found this explanation for the error code:

      http://www.computerperformance.co.uk/Logon/code/code_80041021.htm

      Can you check if it’s a cut and paste error?
      btw you can copy the scriptcode with the icons in the upper right corner of the script code.

      Regards,

      dirk adamsky

    19. dirk adamsky says:

      Hi Peter and Felipe,

      Did some testing/checking: you are both right. There were slashes missing in the code on line 55. The reason for that is that I copied the blog articles from my previous site. With the copying I had a problem that the “\” sign wasn’t copied.
      The code above is now corrected and working again.
      Please let me know if it works on Win7.
      Thank you in advance.

      Best regards,

      dirk adamsky

    20. etai says:

      Hi Dirk,

      When I tried to run the script it shows me the Expected statement…
      What should I do with that?

      thx
