In this post, I’m going to show you three simple methods for finding active directory users last logon date and time.
Every time you log into a computer that is connected to Active Directory it stores that users last logon date and time into a user attribute called lastlogon.
Let’s check out some examples on how to retrieve this value.
TIP: The lastlogon attribute is the most accurate way to check active directory users last logon time. There is also the LastLogonTimeStamp attribute but will be 9-14 days behind the current date. The intended purpose of the LastLogonTimeStamp is to help identify stale user and computer accounts. The lastlogon attribute is not replicated to other DCs so you will need to check this attribute on each DC to find the most recent time. The tool in example 3 will do this for you.
Method 1: Find last logon time using the Attribute Editor
These first two examples work well for checking a single user. If you want to run a report for all users then check out example 3.
Step1: Open Active Directory Users and Computers and make sure Advanced features is turned on.
Step 2: Browse and open the user account
Step 3: Click on Attribute Editor
Step 4: Scroll down to view the last Logon time
If you have multiple domain controllers you will need to check this value on each one to find the most recent time.
Related: Find all Disabled AD User Accounts
Method 2: Using PowerShell to find last logon time
Step 1: Log into a Domain Controller
If you don’t run this from a DC, you may need to import the Active Directory PowerShell modules.
Step 2: Open PowerShell
Step 3: Run the following command
Get-ADUser -Identity “username” -Properties “LastLogonDate”
Replace “username” with the user you want to report on.
Video demonstrating both methods.
Method 3: Find All AD Users Last Logon Time
The built in Microsoft tools does not provide an easy way to report the last logon time for all users that’s why I created the AD Last Logon Reporter Tool.
This tool allows you to select a single DC or all DCs and return the real last logon time for all active directory users.
Step 1: Download and launch tool
It only takes 3 simple steps to run this tool. It’s very easy!
1. Run the AD Last Logon Reporter executable
2. Select all DCs or a single DC from the drop down
3. Click the generate report button in the action section
You can see in the screenshot below the tool returns the users name, account name, domain controller name, and the last logon date. You can click on any column to sort the results in ascending or descending order.
Step 2: Export results to CSV or HTML
To export the results just click on the CSV or HTML button in the actions section.
You will be prompted for a location to save the file, once saved the file will automatically open.
Here is a screenshot of the report exported to HTML.
The AD last logon Reporter eliminates all the manual work of checking the lastlogon attribute for all users across all domain controllers. It would be very time consuming and difficult to return the real last logon time without this tool.
I have just shown you three very simple and quick methods for finding when a user last logged on to the domain.
I’d like to hear what you have to say:
Was this post helpful or do you have questions?
Let me know by leaving a comment below right now.
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.