Get User Last Logon Time

How to Find Active Directory User’s/Computer’s Last Logon Time?

The Active Directory administrator must periodically disable and inactivate objects in AD. In this article, we will show how to get the last logon time for the AD domain user and find accounts that have been inactive for more than 90 days.

How to Get Last Logged on User Using ADUC?

You can find out the last logon time for the domain user with the ADUC graphical console (Active Directory Users and Computers).

  1. Run the console dsa.msc;
  2. In the top menu, enable the option View > Advanced Features;
    active directory user last logon time
  3. In the AD tree, select the user and open its properties;
  4. Click on the tab Attribute Editor;
  5. In the list of attributes, find lastLogon. This attribute contains the time the user was last logged in the domain.

last logon time active directory powershell

Find Last Logon Time Using CMD

You can find out the time the user last logged into the domain from the command line using the net or dsquery tools.

Open a command prompt (you don’t need domain administrator privileges to get AD user info) and run the command:

net user administrator /domain| findstr "Last"

You got the user last login time: 08.08.2019 11:14:13.

powershell command to find last logon time for all users

You can also get the last login time using dsquery. For example:

dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=administrator))" -attr distinguishedName lastLogon lastLogonTimestamp -limit 0

The main problem is that the attributes lastLogon and lastLogonTimestamp in AD are stored in timestamp format and you need to additionally convert it to a normal time format.

last logon time powershell

You can also use this command to find all users who are inactive, for example, for 10 weeks:

dsquery user domainroot -inactive 10

Find Last Logon Time Using PowerShell

You can also use PowerShell to get the user last domain logon time. For this, you need to use

Active Directory module for Windows PowerShell. Install this module and import it into your PowerShell session:

Import-Module ActiveDirectory

To find the last logon time for the domain administrator account, run the command:

Get-ADUser -Identity administrator -Properties LastLogon

The cmdlet returned the time in Timestamp format. To convert it to normal time use the following command:

Get-ADUser -Filter {Name -eq "administrator"} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}

powershell get last logged on user

Using PowerShell, you can display Lastlogon time for all enabled domain users:

Get-ADUser -filter {enabled -eq $true} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}|Sort-Object LastLogon -Descending

last logon time active directory

Or you can find users who are inactive for more than 90 days:

$date1= (Get-Date).AddDays(-90)

Get-ADUser -Properties LastLogonDate -Filter {LastLogonDate -lt $date1} | ft

You may also like:

How to transfer FSMO Roles From a Failed Domain Co... In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic ha...
AD Account Keeps Locking Out Sometimes there are situations when AD account keeps locking out, this happen when you try to log on to a domain computer and getting an error on the ...
Installing Active Directory Users and Computers MM... One of the main Active Directory domain management tools is the MMC snap-in Active Directory Users and Computers (ADUC). The ADUC snap-in is used to p...
Store BitLocker Recovery Keys using Active Directo... In a domain network, you can store the BitLocker recovery keys for encrypted drives in the Active Directory Domain Services (AD DS). This is one of th...
Change Default OU permissions in Active Directory By default, each newly created organizational unit (OU) in the access list includes read permission for the group Authenticated Users (built-in group)...

Add Your Comment