In this post, I’m going to show you two simple methods for finding a user’s last logon time.
It is common for HR and supervisors to request when an employee last logged in to the network. System administrators may also use this for security forensic reasons.
Every time you log into a computer that is connected to Active Directory it stores that user’s logon time into a user attribute called Last-Logon.
There are multiple ways to retrieve the value of this attribute.
Below I have provided two simple methods for retrieving this value and both include step by step instructions.
Recommended Tool: SolarWinds Admin Bundle for Active Directory
3 Free tools, find inactive user or computer accounts and quickly bulk import new user accounts.
Method 1: Find last logon time using the Attribute Editor
Step1: Open Active Directory Users and Computers and make sure Advanced features is turned on.
Step 2: Browse and open the user account
Step 3: Click on Attribute Editor
Step 4: Scroll down to view the last Logon time
Related: Find all Disabled AD User Accounts
Method 2: Using PowerShell to find last logon time
Step 1: Log into a Domain Controller
If you don’t run this from a DC, you may need to import the Active Directory PowerShell modules.
Step 2: Open PowerShell
Step 3: Run the following command
Get-ADUser -Identity “username” -Properties “LastLogonDate”
Replace “username” with the user you want to report on.
Video demonstrating both methods.
I have just shown you two very simple and quick methods for finding when a user last logged on to the domain.
I’d like to hear what you have to say:
Was this post helpful or do you have questions?
Let me know by leaving a comment below right now.
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.