How do i find which user was the last to log onto a PC in an AD Domain?

Tags:
Active Directory Users and Computers
Windows XP
I'm part of an AD domain and i'd like to know which was the last user to log onto the machines in that domain and the date that happened? I'd also like that information for all the machines in each container.
So for example if the London container contains 50 PC's, can i find out who was the last user to log onto each PC and the date this occurred?


Software/Hardware used:
Windows XP, Active Directory
ASKED: February 2, 2012  9:28 PM
UPDATED: March 14, 2012  4:30 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hello
My name is glory johnson
i saw your profile today(.techtarget.com) and
became intrested in you,i will also like to know you the more,and i
want you to send an email to my email address so i can give you my picture for you to know whom i am.Here is my email address (gloryjohnson001@yahoo.com)
I believe we can move from here!I am waiting for your mail to my email address above.
glory.
(Remeber the distance or colour does not matter but love matters alot in life)
please contact me here (gloryjohnson001@yahoo.com)

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Gabe9527
    Have you checked the event viewer and see if what you are after is under security?
    10,800 pointsBadges:
    report
  • Subhendu Sen
    AD stores a user’s last logon time in the Last-Logon AD user object attribute. In 2003 there is an Ad object attribute known as "Last-logon-timestamp" which helps to store the approx value of the last logon time of a user. It is still possible to see value of last log for auser from MMC as AD & computers snap-in.'/ dnld mmc for XP and if necessary dnld the troubleshoot tools for AD or even u can use dsquery user tool for the purpose. OR u can use 3rd party tool
    26,090 pointsBadges:
    report
  • Pjb0222
    The most accurate method is to turn on event logging on the PCs to capture log in events and then check them. - Pull security logs from each system - Parse each machine's security event log for log in events. Remember, like all events, they roll off the log as it fills. There are tools available that automate this or you can use MS command line tools and SysInternal tools to script yourself. Alternatively... To pull from AD is very messy and requires: - Set event logging on all DCs to capture requried events - Pulling last logged in time for IDs - See which DC updated the attribute. - Pull the security event log from each domain controller to parse and hope event has not rolled off the log - Check time of ID last update time in event log and match to system IP address, if lots of events in short time this can be a best guess effort. - Hope that the lease has not changed since the event was logged so you can query IP for machine name
    3,310 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following