Last logon for NT machine 
Author Message
 Last logon for NT machine

Is there a specific tool, or can one write a script to tell you the last
time a particular workstation has logged onto a domain.

Thanks

Sid



Sun, 31 Jul 2005 04:17:43 GMT  
 Last logon for NT machine

Quote:

>Is there a specific tool, or can one write a script to
tell you the last
>time a particular workstation has logged onto a domain.

>Thanks

>Sid

Hi,

Is this an NT client logging into an Active Directory
domain? If so, is there more than on domain controller?

Active Directory has a LastLogon attribute for user and
computer objects, but it is not replicated, so you must
retrieve the value from all domain controllers and find
the largest. In an NT domain, I assume you just bind to
the computer with the WinNT provider and retrieve the
LastLogin attribute. In AD, this should work:

Option Explicit
Dim oRoot, sConfig, oConnection, oCommand, sQuery
Dim oResults, oDC, sDNSDomain, oShell, nBiasKey
Dim nBias, k, sDCs(), sAdsPath, oDate, nDate
Dim oComputer, nLatestDate

' Hard code LDAP AdsPath of computer.
sAdsPath = "cn=MyMachine,ou=Sales,dc=Mydomain,dc=com"

' Obtain local Time Zone bias from machine registry.
' Watch for line wrapping.
Set oShell = CreateObject("Wscript.Shell")
nBiasKey = oShell.RegRead
("HKLM\System\CurrentControlSet\Control\TimeZoneInformation
\ActiveTimeBias")
If UCase(TypeName(nBiasKey)) = "LONG" Then
  nBias = nBiasKey
ElseIf UCase(TypeName(nBiasKey)) = "VARIANT()" Then
  nBias = 0
  For k = 0 To UBound(nBiasKey)
    nBias = nBias + (nBiasKey(k) * 256^k)
  Next
End If

' Determine configuration context and
' DNS domain from RootDSE object.
Set oRoot = GetObject("LDAP://RootDSE")
sConfig = oRoot.Get("ConfigurationNamingContext")
sDNSDomain = oRoot.Get("DefaultNamingContext")

' Use ADO to search Active Directory for
' ObjectClass nTDSDSA.
' This will identify all Domain Controllers.
Set oCommand = CreateObject("ADODB.Command")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open = "Active Directory Provider"
oCommand.ActiveConnection = oConnection

sQuery = "<LDAP://" & sConfig _
  & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"

oCommand.CommandText = sQuery
oCommand.Properties("Page Size") = 100
oCommand.Properties("Timeout") = 30
oCommand.Properties("Searchscope") = 2
oCommand.Properties("Cache Results") = False

Set oResults = oCommand.Execute

' Enumerate parent objects of class nTDSDSA. Save
' Domain Controller names in dynamic array sDCs.
k = 0
Do Until oResults.EOF
  Set oDC = _
    GetObject(GetObject(oResults.Fields("AdsPath")).Parent)
  ReDim Preserve sDCs(k)
  sDCs(k) = oDC.DNSHostName
  k = k + 1
  oResults.MoveNext
Loop

' Retrieve LastLogon attribute for computer on
' each Domain Controller.
nLatestDate = #1/1/1601#
For k = 0 To Ubound(sDCs)
  Set oComputer = GetObject("LDAP://" & sDCs(k) & "/" _
    & sAdsPath)

' Trap error in case LastLogon is null.
  On Error Resume Next
  Set oDate = oComputer.LastLogon
  If Err.Number <> 0 Then
    Err.Clear
    nDate = #1/1/1601#
  Else
    If (oDate.HighPart = 0) And (oDate.LowPart = 0 ) Then
      nDate = #1/1/1601#
    Else
      nDate = #1/1/1601# + (((oDate.HighPart * (2 ^ 32)) _
        + oDate.LowPart)/600000000 - nBias)/1440
    End If
  End If
  On Error GoTo 0
  If nDate > nLatestDate Then
    nLatestDate = nDate
  End If
Next

' Output latest LastLogon date for computer.
Wscript.Echo "Computer: " & sAdsPath & vbCrLf _
  & "Last Logon: " & nLatestDate

Richard



Sun, 31 Jul 2005 06:41:18 GMT  
 Last logon for NT machine

Quote:

> Is there a specific tool, or can one write a script to tell you the last
> time a particular workstation has logged onto a domain.

Hi

One problem for this issue. You need to check every single domain controller for
that value. That value is not replicated between domain controllers which means
you will have to query all the domain controllers and figure out the most recent
time for each one (as Richard explained).

If this is to be done to remove unused computer accounts from the domain, it is
easier to check when the password on the computer was last changed, because this
is a replicated value. If the password hasn't been changed e.g. the last 6
months, you can define the computer as inactive. A computer will change it's
password every 30 days if you haven't changed the default value (a domain wide
setting).

How Long Until My Password Expires?
http://msdn.microsoft.com/library/en-us/dnclinic/html/scripting091020...

Here is parts of the script in the link above (for Active Directory), just
changed it to get the current computers last changed date instead of current
user:

' Determine when the computer last changed it's password. Use the LDAP provider
' and the IADsUser interface to read the PasswordLastChanged property.
' This property maps to the pwdLastSet attribute of a user/computer account
object.

Set oADSystemInfo = CreateObject("ADSystemInfo")              ' LINE 8
Set oComputer = GetObject("LDAP://" & oADSystemInfo.ComputerName)   ' LINE 9

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D     ' LINE 3

On Error Resume Next
dtmValue = oComputer.PasswordLastChanged           ' LINE 6

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "The password has never been set."
    WScript.Quit
Else
    WScript.Echo "The password was last set on " & _
                 DateValue(dtmValue) & " at " & TimeValue(dtmValue)
End If

To enumerate all computer accounts in AD, see script "Enumerate Computer
Accounts in Active Directory" under Computer Management at
http://www.microsoft.com/technet/scriptcenter

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and a ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Sun, 31 Jul 2005 06:50:46 GMT  
 Last logon for NT machine
NT client logging into NT domain.  And you were right in that I don't care
what user logged on, just when the workstation last logged on.

Thank you.


Quote:

> >Is there a specific tool, or can one write a script to
> tell you the last
> >time a particular workstation has logged onto a domain.

> >Thanks

> >Sid

> Hi,

> Is this an NT client logging into an Active Directory
> domain? If so, is there more than on domain controller?

> Active Directory has a LastLogon attribute for user and
> computer objects, but it is not replicated, so you must
> retrieve the value from all domain controllers and find
> the largest. In an NT domain, I assume you just bind to
> the computer with the WinNT provider and retrieve the
> LastLogin attribute. In AD, this should work:

> Option Explicit
> Dim oRoot, sConfig, oConnection, oCommand, sQuery
> Dim oResults, oDC, sDNSDomain, oShell, nBiasKey
> Dim nBias, k, sDCs(), sAdsPath, oDate, nDate
> Dim oComputer, nLatestDate

> ' Hard code LDAP AdsPath of computer.
> sAdsPath = "cn=MyMachine,ou=Sales,dc=Mydomain,dc=com"

> ' Obtain local Time Zone bias from machine registry.
> ' Watch for line wrapping.
> Set oShell = CreateObject("Wscript.Shell")
> nBiasKey = oShell.RegRead
> ("HKLM\System\CurrentControlSet\Control\TimeZoneInformation
> \ActiveTimeBias")
> If UCase(TypeName(nBiasKey)) = "LONG" Then
>   nBias = nBiasKey
> ElseIf UCase(TypeName(nBiasKey)) = "VARIANT()" Then
>   nBias = 0
>   For k = 0 To UBound(nBiasKey)
>     nBias = nBias + (nBiasKey(k) * 256^k)
>   Next
> End If

> ' Determine configuration context and
> ' DNS domain from RootDSE object.
> Set oRoot = GetObject("LDAP://RootDSE")
> sConfig = oRoot.Get("ConfigurationNamingContext")
> sDNSDomain = oRoot.Get("DefaultNamingContext")

> ' Use ADO to search Active Directory for
> ' ObjectClass nTDSDSA.
> ' This will identify all Domain Controllers.
> Set oCommand = CreateObject("ADODB.Command")
> Set oConnection = CreateObject("ADODB.Connection")
> oConnection.Provider = "ADsDSOObject"
> oConnection.Open = "Active Directory Provider"
> oCommand.ActiveConnection = oConnection

> sQuery = "<LDAP://" & sConfig _
>   & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"

> oCommand.CommandText = sQuery
> oCommand.Properties("Page Size") = 100
> oCommand.Properties("Timeout") = 30
> oCommand.Properties("Searchscope") = 2
> oCommand.Properties("Cache Results") = False

> Set oResults = oCommand.Execute

> ' Enumerate parent objects of class nTDSDSA. Save
> ' Domain Controller names in dynamic array sDCs.
> k = 0
> Do Until oResults.EOF
>   Set oDC = _
>     GetObject(GetObject(oResults.Fields("AdsPath")).Parent)
>   ReDim Preserve sDCs(k)
>   sDCs(k) = oDC.DNSHostName
>   k = k + 1
>   oResults.MoveNext
> Loop

> ' Retrieve LastLogon attribute for computer on
> ' each Domain Controller.
> nLatestDate = #1/1/1601#
> For k = 0 To Ubound(sDCs)
>   Set oComputer = GetObject("LDAP://" & sDCs(k) & "/" _
>     & sAdsPath)

> ' Trap error in case LastLogon is null.
>   On Error Resume Next
>   Set oDate = oComputer.LastLogon
>   If Err.Number <> 0 Then
>     Err.Clear
>     nDate = #1/1/1601#
>   Else
>     If (oDate.HighPart = 0) And (oDate.LowPart = 0 ) Then
>       nDate = #1/1/1601#
>     Else
>       nDate = #1/1/1601# + (((oDate.HighPart * (2 ^ 32)) _
>         + oDate.LowPart)/600000000 - nBias)/1440
>     End If
>   End If
>   On Error GoTo 0
>   If nDate > nLatestDate Then
>     nLatestDate = nDate
>   End If
> Next

> ' Output latest LastLogon date for computer.
> Wscript.Echo "Computer: " & sAdsPath & vbCrLf _
>   & "Last Logon: " & nLatestDate

> Richard



Mon, 01 Aug 2005 03:06:05 GMT  
 Last logon for NT machine
Thank you.  It is to get rid of the unused computer accounts.  I will look
at the password approach.



Quote:

> > Is there a specific tool, or can one write a script to tell you the last
> > time a particular workstation has logged onto a domain.

> Hi

> One problem for this issue. You need to check every single domain
controller for
> that value. That value is not replicated between domain controllers which
means
> you will have to query all the domain controllers and figure out the most
recent
> time for each one (as Richard explained).

> If this is to be done to remove unused computer accounts from the domain,
it is
> easier to check when the password on the computer was last changed,
because this
> is a replicated value. If the password hasn't been changed e.g. the last 6
> months, you can define the computer as inactive. A computer will change
it's
> password every 30 days if you haven't changed the default value (a domain
wide
> setting).

> How Long Until My Password Expires?

http://msdn.microsoft.com/library/en-us/dnclinic/html/scripting091020...

- Show quoted text -

Quote:

> Here is parts of the script in the link above (for Active Directory), just
> changed it to get the current computers last changed date instead of
current
> user:

> ' Determine when the computer last changed it's password. Use the LDAP
provider
> ' and the IADsUser interface to read the PasswordLastChanged property.
> ' This property maps to the pwdLastSet attribute of a user/computer
account
> object.

> Set oADSystemInfo = CreateObject("ADSystemInfo")              ' LINE 8
> Set oComputer = GetObject("LDAP://" & oADSystemInfo.ComputerName)   ' LINE
9

> Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D     ' LINE 3

> On Error Resume Next
> dtmValue = oComputer.PasswordLastChanged           ' LINE 6

> If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
>     WScript.Echo "The password has never been set."
>     WScript.Quit
> Else
>     WScript.Echo "The password was last set on " & _
>                  DateValue(dtmValue) & " at " & TimeValue(dtmValue)
> End If

> To enumerate all computer accounts in AD, see script "Enumerate Computer
> Accounts in Active Directory" under Computer Management at
> http://www.microsoft.com/technet/scriptcenter

> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and a ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Mon, 01 Aug 2005 03:07:32 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. Reboot Remote NT machine outside of NT domain

2. Last Logon

3. User's Last Logon

4. Last logon times

5. Retrieve Last Logon via Active Directory

6. Last login date in NT 4

7. NT Domain Last User Login time

8. Logon Script Hanging on Win9x machines

9. how can I check if my machine is workstation or server (logon)

10. Adding Printers during Logon on Win9x/ME Machines?

11. Windows NT Machine, join Domain through VBS

12. Do you have a script to check if an NT service is present on a machine

 

 
Powered by phpBB® Forum Software