Have you checked the event viewer and see if what you are after is under security?

AD stores a user’s last logon time in the Last-Logon AD user object attribute. In 2003 there is an Ad object attribute known as “Last-logon-timestamp” which helps to store the approx value of the last logon time of a user. It is still possible to see value of last log for auser from MMC as AD & computers snap-in.’/ dnld mmc for XP and if necessary dnld the troubleshoot tools for AD or even u can use dsquery user tool for the purpose. OR u can use 3rd party tool

The most accurate method is to turn on event logging on the PCs to capture log in events and then check them.
- Pull security logs from each system
- Parse each machine’s security event log for log in events.
Remember, like all events, they roll off the log as it fills.
There are tools available that automate this or you can use MS command line tools and SysInternal tools to script yourself.

Alternatively…

To pull from AD is very messy and requires:
- Set event logging on all DCs to capture requried events
- Pulling last logged in time for IDs
- See which DC updated the attribute.
- Pull the security event log from each domain controller to parse and hope event has not rolled off the log
- Check time of ID last update time in event log and match to system IP address, if lots of events in short time this can be a best guess effort.
- Hope that the lease has not changed since the event was logged so you can query IP for machine name