How to Get Last Logon Time for a User Account

It’s actually really easy to figure out the last time a user account logged onto (authenticated with) a machine on your network.

Each time an account successfully authenticates while on the network the event is logged in Active Directory in an attribute named lastLogon.

This attribute can be read in one of several ways. Let’s take a look at the easiest ones.

Finding last logon time with Active Directory Administration Center

By far the easiest method for those that just need to look up one user’s last logon and prefer gui interfaces is using the Attribute Editor within ADAC.

Simply open ADAC (Active Direcotry Administration Center) and navigate to your desired user account.

Navigate to the extensions section and click on the attribute editor.

You’ll find the last logon time to the right of the lastLogon attribute.

You can also access this information using legacy Active Directory Users and Computers (provided you have enabled Advanced Features) but I prefer to use ADAC (as does Microsoft).

Determining Last Logon with Powershell

My favorite method for finding the last logon time (and really anything in an active directory domain) is to use PowerShell. It’s just so darn handy and quick!

The easiest way to start is by connecting to one of your domain controllers and launching PowerShell as an admin.

You can also import the Active Directory PowerShell Module (already done if you have installed Remote Server Admin Tools (RSAT)).

Once in PowerShell run the command:

Get-ADUser -Identity “cjones” -Properties “LastLogonDate”

In this example cjones is the username of the account we are needing the last logon for. The ouput of the above command looks like this:

DistinguishedName : CN=Chris Jones,OU=Users,DC=npgdom,DC=com
Enabled : True
GivenName : Christopher
LastLogonDate : 9/5/2018 9:06:36 AM
Name : Chris Jones
ObjectClass : user
ObjectGUID :
SamAccountName : CJONES
SID : S-1-5-21-8685940569-6978574657-9285763528-5587
Surname : Jones
UserPrincipalName : CJONES@NPGDOM.COM

As you can see, the output contains the field LastLogonDate complete with the last time that the cjones account authenticated with the domain on a computer.

If you want to collect the last logon information for all of the users in an OU and output it to a CSV file you can customize and use the following script within your PowerShell session:

Get-ADUser -Filter * -SearchBase “ou=users,dc=npgdom,dc=com” -ResultPageSize 0 -Property CN, Description, LastLogonTimestamp | Select-Object -Property CN, Description, @{ n = “LastLogonDate”; e = { [datetime]::FromFileTime( $_.lastLogonTimestamp ) } } | Sort-Object -Property CN, Description, LastLogonDate | Export-CSV -NoTypeInformation “C:\output.csv”

Locate your CSV file and open it to find each user listed by CN followed by their description and last logon date and time stamps.

That’s it! Hopefully this will help you save some valuable time!

Recommended for You: Solarwinds Server & Application Monitor (SAM)

Know which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?

Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.

Get insight into Active Directory, DNS, DHCP, and your Virtual environment without needing to mess with complex templates or knowing a single line of code.

Leave a Reply

Your email address will not be published. Required fields are marked *