LastlogonTimeStamp : Report
Use the following script to report on your users lastLogontimeStamp – note this will be accurate to within one week due to the very nature of the lastlogonTimeStamp attribute being replicated between DC’s once per week.
Save the text below into a VBS file and execute like so: cscript.exe file.vbs >> report.csv
If the script fails, download a copy from here: http://cb-net.co.uk/downloads/compreport2.txt
Option Explicit
Dim objRootDSE, adoConnection, adoCommand, strQuery, strCN
Dim adoRecordset, strDNSDomain, objShell, lngBiasKey
Dim lngBias, k, strDN, dtmDate, objDate
Dim strBase, strFilter, strAttributes, lngHigh, lngLow
‘ Obtain local Time Zone bias from machine registry.
‘ This bias changes with Daylight Savings Time.
Set objShell = CreateObject(“Wscript.Shell”)
lngBiasKey = objShell.RegRead(“HKLM\System\CurrentControlSet\Control\” _
& “TimeZoneInformation\ActiveTimeBias”)
If (UCase(TypeName(lngBiasKey)) = “LONG”) Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = “VARIANT()”) Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
Set objShell = Nothing
‘ Determine DNS domain from RootDSE object.
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set objRootDSE = Nothing
‘ Use ADO to search Active Directory.
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection
‘ Search entire domain.
strBase = “”
‘ Filter on all user objects.
strFilter = “(&(objectCategory=computer)(objectClass=user))”
‘ Comma delimited list of attribute values to retrieve.
strAttributes = “distinguishedName,lastLogonTimeStamp,cn”
‘ Construct the LDAP syntax query.
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”
‘ Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 5000
adoCommand.Properties(“Timeout”) = 60
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute
‘ Enumerate resulting recordset.
Do Until adoRecordset.EOF
‘ Retrieve attribute values for the user.
strDN = adoRecordset.Fields(“distinguishedName”).Value
strCN = adoRecordset.Fields(“cn”).Value
‘ Convert Integer8 value to date/time in current time zone.
On Error Resume Next
Set objDate = adoRecordset.Fields(“lastLogonTimeStamp”).Value
If (Err.Number 0) Then
On Error GoTo 0
dtmDate = #1/1/1601#
Else
On Error GoTo 0
lngHigh = objDate.HighPart
lngLow = objDate.LowPart
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
dtmDate = #1/1/1601#
Else
dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow)/600000000 – lngBias)/1440
End If
End If
‘ Display values for the user.
If (dtmDate = #1/1/1601#) Then
Wscript.Echo chr(34) & strDN & chr(34) & “,” & strCN & “,Never”
Else
Wscript.Echo chr(34) & strDN & chr(34) & “,” & chr(34) & strCN & chr(34) & “,” & dtmDate
End If
adoRecordset.MoveNext
Loop
‘ Clean up.
adoRecordset.Close
adoConnection.Close