Asus Tech Support


Friday, 8 June 2012

LastLogonTimestamp for Group Members

Posted on 07:22 by Unknown
I was recently working in a secure environment and one of the issues was way too many domain admin accounts. This is not a problem just in secure environments. I've yet to encounter a federal organization that does an outstanding job of limiting the number of domain admins. I've seen Joe Richards write about working at a Fortune 5 company where they ran with fewer than 5 domain administrators. More and more organizations are trying to limit domain admins. I doubt we will ever get to a point where fewer than five is the norm but things are getting better...slowly but surely.

The first step the security team took was to identify members of the domain admin group and the last time they logged in.  This is a good initial step to remove those that haven't logged on or used their accounts.  If someone hasn't used their domain admin account in 120 days or longer then I would question if they need the account.

Some folks on the security team were manually going and using a box that had the additional account info tab from the acctinfo.dll. They were then looking at the lastlogon box within the tab and manually entering that into a spreadsheet. I knew there were easier ways to do this so I stepped in to help out.

For this exercise I keyed off the LastLogonTimeStamp (LLTS). The lastlogontimestamp can be off by 9-14 days. The link to the askds blog entry on LLTS does a great job of explaining it. If 9-14 days is not acceptable then you would have to query lastlogon on every DC. Lastlogon does not replicate and that is why every DC would have to be queried.
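
As an added example (not part of the original post), this is how per-DC lastlogon values are merged once they have been collected: the newest value reported by any DC wins. The function name Merge-LastLogon and the sample rows are constructed for illustration; the commented-out block shows one way to gather the rows with the Microsoft AD module.

```powershell
# Added example: lastLogon is not replicated, so the real value for an account
# is the newest one reported by any DC. The rows below are constructed sample
# data (made-up DC and account names), one row per DC per account.
# A lastLogon of 0 or empty means that DC never authenticated the account.
$perDcRows = @(
    [pscustomobject]@{ DC = 'dc1'; SamAccountName = 'admin1'; lastLogon = 129836448000000000 }
    [pscustomobject]@{ DC = 'dc2'; SamAccountName = 'admin1'; lastLogon = 129700000000000000 }
    [pscustomobject]@{ DC = 'dc1'; SamAccountName = 'admin2'; lastLogon = 0 }
    [pscustomobject]@{ DC = 'dc2'; SamAccountName = 'admin2'; lastLogon = 129700000000000000 }
    [pscustomobject]@{ DC = 'dc1'; SamAccountName = 'admin3'; lastLogon = 0 }
    [pscustomobject]@{ DC = 'dc2'; SamAccountName = 'admin3'; lastLogon = $null }
)

# Live collection with the ActiveDirectory module (not run here):
# $perDcRows = foreach ($dc in Get-ADDomainController -Filter *) {
#     Get-ADGroupMember 'Domain Admins' -Recursive |
#         Where-Object { $_.objectClass -eq 'user' } |
#         Get-ADUser -Server $dc.HostName -Properties lastLogon |
#         Select-Object @{n='DC';e={$dc.HostName}}, SamAccountName, lastLogon
# }

function Merge-LastLogon {
    param([Parameter(Mandatory = $true)] [object[]] $Rows)

    $Rows | Group-Object SamAccountName | ForEach-Object {
        # Pick the row with the largest FILETIME value; $null and '' cast to 0.
        $newest = $_.Group |
            Sort-Object { [long]$_.lastLogon } -Descending |
            Select-Object -First 1
        $fileTime = [long]$newest.lastLogon

        [pscustomobject]@{
            SamAccountName = $_.Name
            # FILETIME = 100-nanosecond ticks since 1601-01-01 UTC.
            LastLogonUtc   = if ($fileTime -gt 0) { [datetime]::FromFileTimeUtc($fileTime) } else { $null }
            ReportedBy     = if ($fileTime -gt 0) { $newest.DC } else { $null }
            DCsQueried     = $_.Group.Count
        }
    }
}

Merge-LastLogon -Rows $perDcRows | Format-Table -AutoSize
```

An account with an empty LastLogonUtc here has not logged on against any of the DCs that were queried, which is different from a blank lastlogontimestamp caused by replication lag.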

For the examples I'm in my lab domain which is mkw2k8R2.com and I only have three users in the domain admin group.  I've only logged in with one of those users.

Method 1 - Using ADFIND

Regular blog users will not be surprised to find out that I used adfind from Joe Richards for method 1.  

adfind -default -f "memberof=cn=domain admins,cn=users,dc=mydomain,dc=mysuffix" samaccountname lastlogontimestamp -tdc -nodn -csv 


Method 2 - Using Quest AD Powershell Cmdlets

Many people that started with powershell and AD years ago are probably familiar with the free AD cmdlets from Quest.  

get-qaduser -memberof "domain admins" | select-object samaccountname, lastlogontimestamp


Method 3 - Using Microsoft's AD Powershell v2 Cmdlets

With the introduction of Windows 2008 R2 and Windows 7 Microsoft introduced the AD module for Windows Powershell.  There is already a lot of good information about the AD Module for Powershell so I won't go over that here.   I also admit I'm not a powershell master/guru.

get-aduser -LDAPFilter "(memberof=cn=domain admins,cn=users,dc=mkw2k8r2,dc=com)" -property lastlogondate | ft samaccountname, lastlogondate


You may have noticed I used lastlogondate, which is not an actual AD attribute. My friend Richard Mueller had a good writeup on lastlogondate. See the link and Richard's answer for more info on lastlogondate, which is essentially the same as lastlogontimestamp.


Method 4 - Using CSVDE

CSVDE is what you call an old school tool.  Those that have been around AD for years have definitely used the tool at some point.  It was around before adfind and powershell. 


csvde -f c:\userslogon.csv -r "(memberof=cn=domain admins,cn=users,dc=mkw2k8r2,dc=com)" -l "samaccountname,lastlogontimestamp"


One problem with the CSVDE method is how it handles the output.   LastLogonTimeStamps are Integer8 (64-bit numbers) that CSVDE can't handle.  You will notice in methods 1-3 those tools did a good job of decoding the attribute.

Elizabeth Greene has a really good blog entry that has a formula you can use in Excel to convert it into a readable date.

Notice in the screenshot the difference between the native format in cell C2 and what it looks like after I applied the formula.
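
The same conversion can be done without Excel. The following PowerShell is an added example, not from the original post: it decodes the raw Integer8 values in a CSVDE export and flags accounts at or past the 120-day mark mentioned earlier. The function name Get-StaleAccount, the sample rows and the choice to treat an empty value as stale are assumptions made for illustration.

```powershell
# Added example: decode CSVDE's raw lastLogonTimestamp values and flag stale
# accounts. The CSV text is constructed sample data in the shape CSVDE writes
# (DN, sAMAccountName, lastLogonTimestamp); the account names are made up.
$csvText = @'
DN,sAMAccountName,lastLogonTimestamp
"CN=Admin One,CN=Users,DC=mkw2k8r2,DC=com",admin1,129836448000000000
"CN=Admin Two,CN=Users,DC=mkw2k8r2,DC=com",admin2,129700000000000000
"CN=Admin Three,CN=Users,DC=mkw2k8r2,DC=com",admin3,
'@

function Get-StaleAccount {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [int] $MaxAgeDays = 120,
        [datetime] $AsOf = (Get-Date).ToUniversalTime()
    )

    foreach ($row in $Rows) {
        # An empty or zero value means the attribute was never set,
        # i.e. no logon has been recorded for the account.
        $raw = [long]0
        $hasValue = [long]::TryParse($row.lastLogonTimestamp, [ref]$raw) -and ($raw -gt 0)

        if ($hasValue) {
            # Integer8 here is a FILETIME: 100-ns ticks since 1601-01-01 UTC.
            $last = [datetime]::FromFileTimeUtc($raw)
            $age  = [int][math]::Floor(($AsOf - $last).TotalDays)
        } else {
            $last = $null
            $age  = $null
        }

        [pscustomobject]@{
            SamAccountName = $row.sAMAccountName
            LastLogonUtc   = $last
            AgeDays        = $age
            # Assumption: never-used accounts count as stale too.
            Stale          = (-not $hasValue) -or ($age -ge $MaxAgeDays)
        }
    }
}

# For a real export, replace the next line with: $rows = Import-Csv c:\userslogon.csv
$rows = $csvText | ConvertFrom-Csv

# A fixed reference date keeps the sample output reproducible;
# omit -AsOf to measure against the current time.
Get-StaleAccount -Rows $rows -AsOf ([datetime]'2012-06-08') |
    Sort-Object Stale -Descending |
    Format-Table -AutoSize
```

Because lastlogontimestamp can lag by 9-14 days, accounts that land within two weeks of the threshold are worth checking against lastlogon before anything is removed.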




Method 5 - Using Repadmin

This method I first saw used in the blog from the askds team that I linked to earlier and I'll link to again here.


repadmin /showattr dc1root dc=mkw2k8r2,dc=com /subtree /filter:"(memberof=cn=domain admins,cn=users,dc=mkw2k8r2,dc=com)" /attrs:lastlogontimestamp



Other Methods


I really like methods 1-3 the best. There are other methods that I have not included here but I figured five is a good start for anyone. Some other things you might see out there:


  • VBScript - Richard is the king in this category and if you want to use VBScript I recommend testing his scripts out.
  • Powershell v1 without AD cmdlets - remember when I said I was not a powershell guru yet? I'm guessing that is something that can be done but haven't tried to do it yet. The AD cmdlets from Microsoft and Quest both work for me so I try to stick to them.

You can use these examples and modify them if you are looking for other groups.  There are other/better ways to identify old/stale accounts in a domain if you want to do it domain wide.  More to come on that.

I'm really looking forward to hearing from readers and the community on other methods for doing this.  If there are better ways to do it in Powershell please leave a comment and I'll definitely update the blog.

Inactive Domain Admins beware....you will be removed :)
