LastlogonTimeStamp : Report

LastlogonTimeStamp : Report

Use the following script to report on your users lastLogontimeStamp – note this will be accurate to within one week due to the very nature of the lastlogonTimeStamp attribute being replicated between DC’s once per week.

Save the text below into a VBS file and execute like so: cscript.exe file.vbs >> report.csv

If the script fails, download a copy from here: http://cb-net.co.uk/downloads/compreport2.txt

Option Explicit

Dim objRootDSE, adoConnection, adoCommand, strQuery, strCN
Dim adoRecordset, strDNSDomain, objShell, lngBiasKey
Dim lngBias, k, strDN, dtmDate, objDate
Dim strBase, strFilter, strAttributes, lngHigh, lngLow

‘ Obtain local Time Zone bias from machine registry.
‘ This bias changes with Daylight Savings Time.
Set objShell = CreateObject(“Wscript.Shell”)
lngBiasKey = objShell.RegRead(“HKLM\System\CurrentControlSet\Control\” _
    & “TimeZoneInformation\ActiveTimeBias”)
If (UCase(TypeName(lngBiasKey)) = “LONG”) Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = “VARIANT()”) Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If
Set objShell = Nothing

‘ Determine DNS domain from RootDSE object.
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set objRootDSE = Nothing

‘ Use ADO to search Active Directory.
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection

‘ Search entire domain.
strBase = “”

‘ Filter on all user objects.
strFilter = “(&(objectCategory=computer)(objectClass=user))”

‘ Comma delimited list of attribute values to retrieve.
strAttributes = “distinguishedName,lastLogonTimeStamp,cn”

‘ Construct the LDAP syntax query.
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”

‘ Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 5000
adoCommand.Properties(“Timeout”) = 60
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute

‘ Enumerate resulting recordset.
Do Until adoRecordset.EOF
   ‘ Retrieve attribute values for the user.
    strDN = adoRecordset.Fields(“distinguishedName”).Value
    strCN = adoRecordset.Fields(“cn”).Value
    ‘ Convert Integer8 value to date/time in current time zone.
    On Error Resume Next
    Set objDate = adoRecordset.Fields(“lastLogonTimeStamp”).Value
    If (Err.Number 0) Then
        On Error GoTo 0
        dtmDate = #1/1/1601#
    Else
        On Error GoTo 0
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            dtmDate = #1/1/1601#
        Else
            dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                + lngLow)/600000000 – lngBias)/1440
        End If
    End If
    ‘ Display values for the user.
    If (dtmDate = #1/1/1601#) Then
       Wscript.Echo chr(34) & strDN & chr(34) & “,” & strCN &  “,Never”
    Else
       Wscript.Echo chr(34) & strDN & chr(34) & “,” & chr(34) & strCN & chr(34) & “,” & dtmDate
    End If
    adoRecordset.MoveNext
Loop

‘ Clean up.
adoRecordset.Close
adoConnection.Close