How to Find a User’s Last Logon Time

In this post, I’m going to show you three simple methods for finding active directory users last logon date and time.

Every time you log into a computer that is connected to Active Directory it stores that users last logon date and time into a user attribute called lastlogon.

Let’s check out some examples on how to retrieve this value.

TIP: The lastlogon attribute is the most accurate way to check active directory users last logon time. There is also the LastLogonTimeStamp attribute but will be 9-14 days behind the current date. The intended purpose of the LastLogonTimeStamp is to help identify stale user and computer accounts. The lastlogon attribute is not replicated to other DCs so you will need to check this attribute on each DC to find the most recent time. The tool in example 3 will do this for you.

Method 1: Find last logon time using the Attribute Editor

These first two examples work well for checking a single user. If you want to run a report for all users then check out example 3.

Step1: Open Active Directory Users and Computers and make sure Advanced features is turned on.

Step 2: Browse and open the user account

Step 3: Click on Attribute Editor

Step 4: Scroll down to view the last Logon time

If you have multiple domain controllers you will need to check this value on each one to find the most recent time.

Related: Find all Disabled AD User Accounts

Method 2: Using PowerShell to find last logon time

Step 1: Log into a Domain Controller

If you don’t run this from a DC, you may need to import the Active Directory PowerShell modules.

Step 2: Open PowerShell

Step 3: Run the following command

Get-ADUser -Identity “username” -Properties “LastLogonDate”

Replace “username” with the user you want to report on.

Video demonstrating both methods.

Method 3: Find All AD Users Last Logon Time

The built in Microsoft tools does not provide an easy way to report the last logon time for all users that’s why I created the AD Last Logon Reporter Tool.

This tool allows you to find the last logon time for all users in your domain. Optionally you can limit the scope to an OU or group.

Step 1: Download and launch tool

You can download the tool here

It only takes 3 simple steps to run this tool. It’s very easy!

1. Open Tool

2. Select search options

3. Click run

You can see in the screenshot below the tool returns the users name, account name, domain controller name, and the last logon date. You can click on any column to sort the results in ascending or descending order.

Step 2: Export results to CSV

To export the results just click on the export button, select your format and click export all rows.

You will be prompted for a location to save the file, once saved the file will automatically open.

Here is a screenshot of the report exported to CSV

The AD last logon Reporter eliminates all the manual work of checking the lastlogon attribute for all users across all domain controllers. It would be very time consuming and difficult to return the real last logon time without this tool.

I have just shown you three very simple and quick methods for finding when a user last logged on to the domain.

I’d like to hear what you have to say:

Was this post helpful or do you have questions?

Let me know by leaving a comment below right now.

Top 25
Active Directory
Security Checklist

Download this FREE PDF checklist that includes the top 25 best practices for securing Active Directory and Windows systems.

24 thoughts on “How to Find a User’s Last Logon Time”

  1. To get this info for all users:

    Get-ADUser -Filter * -Properties Name,LastLogon,Displayname, EmailAddress, Title | select Name,
    @{Name=’LastLogon’;Expression={[DateTime]::FromFileTime($_.LastLogon)}},DisplayName, EmailAddress, Title | Export-CSV “C

  2. This advice seems very old fashioned and amateur (not “pro”), and I have no idea how this page is so high in Google rank.

    “LastLogon” queried in this way is only accurate for a domain where there is one domain controller. The LastLogon time attribute is not replicated between domain controllers, and it only applies to the DC where you’re reading the value from. If you query the user information on another DC, it can be completely different (and generally *is* different).

    You can use LastLogonTimestamp (which is replicated to all DCs) to find a last logon time that’s accurate to within 14 days (I don’t know why it’s this interval). That is, for a date that’s more than 14 days ago, that was the last time the user logged on at any DC in the domain. This is useful if you want to know accounts that last logged on a long time ago, such as more than 3 months ago or whatever.

    If you need to know the last time an account logged on within 14 days, you need to query the LastLogon attribute for the user on *every DC* in the domain and get the most recent time from those results. There are plenty of scripts available on the internet that will help you do this.

    • TrixM,

      Thanks for the detailed explanation. You are correct, I failed to mention in my article that the LastLogon attribute does not get replicated between DC. I’ll update the post. The LastLogonTimestamp can be updated even if a user has not logged on. That is why it’s better to use the LastLogon attribute to accurately report a user’s last logon time.

  3. Hi Robert, the LastLogon attribute logs successful and unsuccessful logins?

    2. What is special about the Active Directory built-in account in relation to schema admin, enterprise admin and domain admin?

  4. Hi,
    this step is very help me thank you….

    Step 3: Run the following command

    Get-ADUser -Identity “username” -Properties “LastLogonDate”

    Replace “username” with the user you want to report on.

  5. Hi,

    This is a simple powershell script which I created to fetch the last login details of all users from AD.

    1) Login to AD with admin credentials
    2) Open the Powershell in AD with Administrator elevation mode
    3) Run this below mentioned powershell commands to get the last login details of all the users from AD

    Get-ADUser -Filter * -Properties * | Select-Object -Property Name,LastLogonDate | Export-csv c:/lastlogon.csv

    This will create a CSV file in your C Drive with the name lastlogon.csv which will contain the information of last login time of all the users

    If you want to store the CSV file in different location, just change the path accordingly


  6. I have to know LastLogon I have the exported excel file in LastLogon Field it is Showing

    how can i know the time

    • This should do it.

      Get-ADUser -Identity “username” -Properties “LastLogon” | Select Name, @{N=’LastLogon’; E={[DateTime]::FromFileTime($_.LastLogon)}}


Leave a Comment