Find Last Logon Time/Date of Users/Computers

When a user logs into a Computer, the logon time is stored in the “Last-Logon-Timestamp” attribute in Active Directory.

Keeping an eye on user logon activities will help you avoid security breaches by catching and preventing any unauthorized user access.

As a System Administrator, you are responsible to keep your organization’s IT infrastructure secure and regularly auditing users’ last login dates in Active Directory is one way to minimize the risk of unauthorized login attempts.

You can also use the Last-Logon-Time reports to find and disable any inactive user accounts.

In this tutorial, we will show you how to generate last logon reports using 3 different methods:

1. Free Utility by SolarWinds

2. PowerShell

3. Active Directory GUI tool

1. Free AD Bundle Utility

Through some digging, we found a Free tool from SolarWinds that shows you additional login data/time for a user – and its completely free!

This tool is part of the Free Admin Bundle for Active Directory which comes with 3 separate utilities that help you manage AD quickly.

The Tool we’re interested in is the Inactive User Account Removal Tool which is installed with the bundle.

Download From the link below and lets get it installed:

https://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle

After you’ve Downloaded and Installed the bundle, find the Inactive User Account Removal Tool and click on it to launch the utility.

Once the utility has started, enter your Domain Controller IP/Name and AD Domain Admin Credentials at the next screen and click the NEXT button after you’ve tested your credentials to work:

You will then see a screen that is populated with All users and there will be a column for Last Login, as seen in the screenshot below!

This tool was meant to find inactive accounts, but we’ve noticed that you can use it to quickly find user information as well. If your having issues finding account information, try changing the Inactive Date at the Top to see more recent accounts.

You can download the Free Tool here:

https://www.solarwinds.com/free-tools/active-directory-admin-tools-bundle

2. Powershell

Find Specific AD Users Last Logon Time Using PowerShell

You can easily find the last logon time of any specific user using PowerShell.

The basic syntax of finding users last logon time is shown below:

Get-ADUser -Identity username -Properties "LastLogonDate"

For example, you can find the last logon time of user hitesh and simac by running the following command in the PowerShell:

Get-ADUser -Identity "hitesh" -Properties "LastLogonDate"
Get-ADUser -Identity "simac" -Properties "LastLogonDate"

You should see the users last logon time information in the following screen:

Find All AD Users Last Logon Time Using PowerShell

If you are managing a large organization, it can be a very time-consuming process to find each users’ last logon time one by one.

In this case, you can create a PowerShell script to generate all user’s last logon report automatically.

You can create the PowerShell script by following the below steps:

1. Open your notepad and add the following codes:

Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp | Select-Object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_hh:mm:ss')}}

2. Click on the Save as option to save the file

3. Type a name for the script as lastlogon.ps1

4. Click on the Save button to save the file.

5. Right click on the lastlogon.ps1 PowerShell script and click on the Edit button as shown below:

6. Now, click on the green button to run the script. You should see the following screen if it ran successfully:

Save the Generated Report

If you want to save the generated report in the CSV file, run the following script in the PowerShell:

Save User Metadata with Script

If you want to generate all user’s last logon report with other useful information like, OU and Domain controller name.

Then, you can create the PowerShell script by following the below steps:

1. Open your notepad and add the following codes:

Import-Module ActiveDirectory function Get-LastLogonEvents { $dcs = Get-ADDomainController -Filter {Name -like "*"} $users = Get-ADUser -Filter * $time = 0 foreach($user in $users) { foreach($dc in $dcs) { $hostname = $dc.HostName $currentUser = Get-ADUser $user.SamAccountName | Get-ADObject -Server $hostname -Properties lastLogon if($currentUser.LastLogon -gt $time) { $time = $currentUser.LastLogon } $dt = [DateTime]::FromFileTime($time) Write-Host $currentUser "last logged on at:" $dt $time = 0 } } } Get-LastLogonEvents

2. Click on the Save as option to save the file.

3. Type a name for the script as lastlogon_details.ps1

4. Click on the Save button to save the file.

5. Now, right click on the PowerShell script and click on the Edit button as shown below:

6. Now, click on the green button to run the script. You should see the following screen if it ran successfully:

If you want to save the generated report in the CSV file, run the following script in the PowerShell:

3. Find AD Users Last Logon Time Using the Attribute Editor

You can also find a Single Users Last logon time using the Active Directory Attribute Editor.

You can follow the below steps below to find the last logon time of user named jayesh with the Active Directory Attribute Editor.

1. Open the Active Directory Users and Computer.

2. Click on the View => Advanced Features as shown below:

3. Click on the Education OU, Right-click on the jayesh user and click on the Properties as shown below:

4. Click on the Attribute Editor tab and scroll down to see the last logon time as shown below:

Conclusion

Now that you have all of the information needed to easily generate the last logon report of users, hopefully this helps streamline your day to day tasks of keeping your networks secure.