How to View Last Login Time of User in Active Directory.

If you want to view the last login date and time of a user in to the Active Directory, continue reading this tutorial. This tutorial contains two methods to find out the last login time of an Active Directory user. Each time an AD user logs on to Active Directory from any workstation, the system records the date and time of logon, in the attributes: lastLogon & lastLogonTimestamp. From the two of them, the most accurate attribute is the lastLogon, which reflects the most recent logon that was authenticated by a specific domain controller. *

* Note: The lastLogonTimestamp attribute "holds" the time that the user last logged into the domain, and its value is replicated to all domain controllers, but only if it is 14 days or more older than the lastLogon value. The lastLogonTimestamp is sufficient only for identifying stale accounts.

 

How to Find the Last Logon Time for a User in Active Directory. (Server 2016/2012)

Method 1. View Last Login Time from Windows GUI.

Method 2. View Last Login Time from PowerShell

Method 1. Find the Last Logon Time from Windows GUI.

To find out when a user was last logged in Active Directory, perform the below task on every Domain Controller:

1. Open Active Directory Users and Computers
2. From View menu, click Advanced Features.

 

 

3. Select the Users group on the left pane.
4. At the right pane, right-click at the user you want to view the last login time and select Properties.

 

5. At 'User Properties' window, select the Attribute Editor tab.

6. Now scroll down to lastLogon attribute, to find out when the user logged in for last time into the active directory. *

* Notes:
1. If you have more than one DC, then you have to perform the above steps in all DC's to find out the most recent logon date & time of the user.
2. If you want to find the last logon date and time for a stale account, then look at 'lastLogonTimestamp'.

Method 2. View the Last Logon Time from PowerShell.

To view the last logon time of a user, from PowerShell:

1. Open PowerShell as Administrator and give this command:

• Get-ADUser -Identity "username" -Properties "LastLogon"

* For example: To find out the last logon date/time of the AD user "User1", type:

• Get-ADUser -Identity "User1" -Properties "LastLogon"

2. As you can see, after executing the above command, the 'LastLogon' attribute, displays a numeric value (e.g. "132279814667281827" in this example).

To convert the 'LastLogon' value to a recognizable date & time, give this command in PowerShell:

• [datetime]::FromFileTime(LastLogon-Value)

* e.g. At this example, the value of the 'LastLogon' atttibute is "132279814667281827". So, the command will be:

• [datetime]::FromFileTime(132279814667281827)

Additional Help: To find out the last logon time stamp, for a stale account, give this command in PowerShell:

• Get-ADUser -Identity "username" -Properties "LastLogonDate"

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.