Get user's last logon time from Active Directory

[chris128]

If you found this post by searching google for software that will get the true last logon for users or computers from AD, have a look at the free application I've made that does just that: http://cjwdev.wordpress.com/2010/07/...clean-up-tool/


There are quite a lot of examples of how to do this on the internet, mostly vbscript but there are some .NET examples as well - the problem is that all of the .NET examples I've found are just conversions of the vbscripts and therefore do a lot of things that are not necessary in a .NET app or are not very efficient.

So, this post is just to provide an example of a basic function that you could use to get the last logon of a single user (or computer). Important: The lastLogon attribute does not get replicated between domain controllers, it just gets updated on whichever domain controller it is that actually authenticates you when you log on. So to get a completely accurate date/time you need to query all domain controllers in the domain. You can easily get a list of all domain controllers in the domain by using the following collection:

vb.net Code:

System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain.DomainControllers

So you would need to loop through that collection and get the lastLogon attributes from each DC and use whichever lastLogon value is the most recent.

Anyway, here is my basic example of a function that will get the lastLogon attribute for a specific user (only from one domain controller). It is just an example - you need to add error handling etc. Also note that calling this function over and over passing in different usernames would not be very efficient, this function is aimed at just getting one specific user's last logon time.

(You must add a reference to System.DirectoryServices before you can use this)

vb.net Code:

Imports System.DirectoryServices 'at the top of your code
 
Public Shared Function GetUserLastLogonTime(ByVal TargetUsername As String) As DateTime
        Using Searcher As New DirectorySearcher(New DirectoryEntry)
            Searcher.Filter = "(&(sAMAccountType=805306368)(sAMAccountName=" & TargetUsername & "))"
            Searcher.PropertiesToLoad.Add("lastLogon")
            Dim UserAccount As SearchResult = Searcher.FindOne
            Dim RawLastLogon As Int64 = CLng(UserAccount.Properties("lastLogon")(0))
            Dim LastLogonDate As DateTime = DateTime.FromFileTime(RawLastLogon)
            Return LastLogonDate
        End Using
End Function

You could make it a bit more compact but I thought to make it clearer what is being done it was better like that.

Notice that you do not need to use the IADSLargeInteger interface from the COM Active DS Type Library like a lot of examples seem to suggest, as this is only necessary if using vbscript because vbscript does not have a 64 bit integer type built in.

[stanav]

Notice that you do not need to use the IADSLargeInteger interface from the COM Active DS Type Library like a lot of examples seem to suggest, as this is only necessary if using vbscript because vbscript does not have a 64 bit integer type built in.

Good to know it... I've been always used the IADSLargeInteger interface but this is certainly better. Thanks.

[chris128]

Yeah I have yet to see any other .NET examples that dont use IADSLargeInteger. I originally used that as well but I wondered what a "Large" Integer actually was... looked into it and found it was just a 64 bit integer so I tried just using Int64 instead and it worked

[Badzmaru]

[B]
Also note that calling this function over and over passing in different usernames would not be very efficient, this function is aimed at just getting one specific user's last logon time.

How can you query a list of users last logon more efficiently? I've tried this method on just one user querying 12 Domain Controllers and that took over 10 mins!