How to Find a User’s Last Logon Time

In this post, I’m going to show you three simple methods for finding active directory users last logon date and time.

Every time you log into a computer that is connected to Active Directory it stores that users last logon date and time into a user attribute called lastlogon.

TIP: The lastlogon attribute is the most accurate way to check active directory users’ last logon time. There is also the LastLogonTimeStamp attribute but will be 9-14 days behind the current date. The intended purpose of the LastLogonTimeStamp is to help identify stale user and computer accounts. The lastlogon attribute is not replicated to other DCs so you will need to check this attribute on each DC to find the most recent time. The AD Pro Toolkit will get the last logon details from all DCs.

Let’s check out some examples!

Method#1 Find Last Logon Time Using the Attribute Editor

Step 1: Open Active Directory Users and Computers and make sure Advanced Features is turned on.

Step 2: Browse and open the user account

Step 3: Click on Attribute Editor

Step 4: Scroll down to view the last Logon time

If you have multiple domain controllers you will need to check this value on each one to find the most recent time.

Method#2 AD Pro Toolkit

Step 1: Download Tool

You can try this tool for free, download your copy here.

Step 2: Open Tool -> Select Last Logon Report

Select from Entire Domain, or an OU or group.

Click “Run” to generate a report.

Step 3: To Export click the export button

Find All AD Users Last Logon Time

You can use the AD Pro Toolkit or PowerShell to get all users last logon date and time.

Tip: Keep in mind to get the TRUE last logon date with PowerShell you would need to run the script on all domain controllers as the value is not replicated. The AD Pro Toolkit automatically gets the real last logon date and time from all domain controllers.

PowerShell Steps:

1: Log into a Domain Controller

If you don’t run this from a DC, you may need to import the Active Directory PowerShell modules.

2: Open PowerShell

3: Run the following command

Get-ADUser -filter * -Properties "LastLogonDate" | select name, LastLogonDate

Video demonstrating both methods.

AD Pro Toolkit Last Logon Reporter

The built-in Microsoft tools do not provide an easy way to report the last logon time for all users that’s why I created the AD Last Logon Reporter Tool.

The tool has the following benefits:

  • Easy to use
  • Search entire domain, OU, or group
  • Quickly export the report to CSV
  • Add or remote user attributes.
  • Sort and filter the results

Step 1: Download and launch the tool

You can try this tool for free, download your copy here.

It only takes 3 simple steps to run this tool. It’s very easy!

1. Open Tool

2. Select search options

3. Click run

You can see in the screenshot below the tool returns the users name, account name, domain controller name, and the last logon date. You can click on any column to sort the results in ascending or descending order.

Step 2: Export Results to CSV

To export the results just click on the export button, select your format and click export all rows.

You will be prompted for a location to save the file, once saved the file will automatically open.

Here is a screenshot of the report exported to CSV

The AD last logon Reporter eliminates all the manual work of checking the lastlogon attribute for all users across all domain controllers. It would be very time consuming and difficult to return the real last logon time without this tool.

I have just shown you three very simple and quick methods for finding when a user last logged on to the domain.

I’d like to hear what you have to say:

Was this post helpful or do you have questions?

Let me know by leaving a comment below right now.

Recommended Tool: Permissions Analyzer for Active Directory

This FREE tool lets you get instant visibility into user and group permissions and allows you to quickly check user or group permissions for files, network, and folder shares.

You can analyze user permissions based on an individual user or group membership.

This is a Free tool, download your copy here.

35 thoughts on “How to Find a User’s Last Logon Time”

  1. Hi,

    This is perfect article but i would like to pull last logon for all users how to go about

    Thanks

    Reply
      • Klaawz,

        Thanks for the suggestion.

        I saw your blog post on how to create a last logon report with AD FastReporter. Is there a way to save the report for quick access or do you have to manually create it each time?

        Reply
        • In the Free version, you can export a report to a CSV, XLSX, or HTML file.
          In the Pro version, all reports are stored in a local database and are available at any time for viewing or exporting.

          Reply
          • Thanks Klaawz

      • Wrong PS for what they are asking.

        Reply
    • Man… I sure do get tired of people who want you to write the code for them. >.< Learn powershell guys.

      Reply
  2. To get this info for all users:

    Get-ADUser -Filter * -Properties Name,LastLogon,Displayname, EmailAddress, Title | select Name,
    @{Name=’LastLogon’;Expression={[DateTime]::FromFileTime($_.LastLogon)}},DisplayName, EmailAddress, Title | Export-CSV “C
    :\temp\Email_Addresses.csv”

    Reply
  3. This advice seems very old fashioned and amateur (not “pro”), and I have no idea how this page is so high in Google rank.

    “LastLogon” queried in this way is only accurate for a domain where there is one domain controller. The LastLogon time attribute is not replicated between domain controllers, and it only applies to the DC where you’re reading the value from. If you query the user information on another DC, it can be completely different (and generally *is* different).

    You can use LastLogonTimestamp (which is replicated to all DCs) to find a last logon time that’s accurate to within 14 days (I don’t know why it’s this interval). That is, for a date that’s more than 14 days ago, that was the last time the user logged on at any DC in the domain. This is useful if you want to know accounts that last logged on a long time ago, such as more than 3 months ago or whatever.

    If you need to know the last time an account logged on within 14 days, you need to query the LastLogon attribute for the user on *every DC* in the domain and get the most recent time from those results. There are plenty of scripts available on the internet that will help you do this.

    Reply
    • TrixM,

      Thanks for the detailed explanation. You are correct, I failed to mention in my article that the LastLogon attribute does not get replicated between DC. I’ll update the post. The LastLogonTimestamp can be updated even if a user has not logged on. That is why it’s better to use the LastLogon attribute to accurately report a user’s last logon time.

      Reply
    • So glad I read the comments to find this little gem tidbit. LastLogonTimestamp saved the day for me.

      Reply
  4. Hi Robert, the LastLogon attribute logs successful and unsuccessful logins?

    2. What is special about the Active Directory built-in account in relation to schema admin, enterprise admin and domain admin?

    Reply
  5. Hi,
    this step is very help me thank you….

    Step 3: Run the following command

    Get-ADUser -Identity “username” -Properties “LastLogonDate”

    Replace “username” with the user you want to report on.

    Reply
  6. Hi,

    This is a simple powershell script which I created to fetch the last login details of all users from AD.

    STEPS:
    ———
    1) Login to AD with admin credentials
    2) Open the Powershell in AD with Administrator elevation mode
    3) Run this below mentioned powershell commands to get the last login details of all the users from AD

    Get-ADUser -Filter * -Properties * | Select-Object -Property Name,LastLogonDate | Export-csv c:/lastlogon.csv

    This will create a CSV file in your C Drive with the name lastlogon.csv which will contain the information of last login time of all the users

    If you want to store the CSV file in different location, just change the path accordingly

    Regards,
    Shahul

    Reply
    • Shahul, thanks for sharing.

      Reply
  7. Am I able to use the “-match” command for the “username” in -Identity to find a list of users with RegEx?

    Reply
  8. Just wanted to say Thank you, this is very useful information…

    Reply
  9. How do you get the computer name they last logged into as well?

    Reply
  10. I have to know LastLogon I have the exported excel file in LastLogon Field it is Showing
    132635534097464000

    how can i know the time

    Reply
    • This should do it.

      Get-ADUser -Identity “username” -Properties “LastLogon” | Select Name, @{N=’LastLogon’; E={[DateTime]::FromFileTime($_.LastLogon)}}

      Reply
  11. Is there a way to display the last logon date per user PER COMPUTER? for example, i login to multiple computers and want to know when the last time i logged in to a specific one.
    Thank you.

    Reply
  12. Hi, Robert.

    I need a simple help like the Eugene.
    Sometimes I need to identify by username the last computer used or still using.
    I tried a lot of scripts but I cannot find a simple one for that.

    Thanks for the help.

    Reply
    • This would require checking the logs on the local computer as this info is not stored in Active Directory.

      You can do this with PowerShell, here is an example, https://theposhwolf.com/howtos/Get-LoginEvents/

      I get this request a lot so I might include this in a future release of my GUI toolkit.

      Reply
        • This script is also running locally. It is running the command “Invoke-Command -ComputerName $u.Name -ScriptBlock {quser}” against each computer to see who is currently logged on. It will only report if someone is currently logged on.

          Copy the script into PowerShell ISE click the run button then you will be able to use the Get-UserLogon command.

          Reply
          • Hi, Robert.

            Sorry to bother you.

            Robert I tried but at ISE I got this;

            PS C:\Users\Administrator.GPRO> Invoke-Command -ComputerName $u.Name -ScriptBlock {quser}
            Invoke-Command : Cannot validate argument on parameter ‘ComputerName’. The argument is null or empty. Supply an argument that is not null or empty and then try the
            command again.
            At line:1 char:30
            + Invoke-Command -ComputerName $u.Name -ScriptBlock {quser}
            + ~~~~~~~
            + CategoryInfo : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
            + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand

            Thanks for the help.

          • Did you copy the entire script lines 1 to 155 into ISE?

            I tested it and didn’t get any errors.

  13. Hi, Robert.

    The script worked, thanks.
    Now I can search by computer and I will get the user.
    Is possible to search by user and get the computer name?
    Get-UserLogon -All – this command took more then 30 minutes
    I would like to insert the name of the user and see the last computer logged.
    will be possible?

    Reply
  14. Hi,

    Is there a way to find the last login date\time and what was the hostname used logged on to?

    Reply

Leave a Reply to Robert Allen Cancel reply