ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Active Directory Fundamentals

Find a user’s last logon time

Ensuring the security and maintenance of Active Directory user accounts is a critical aspect of system administration. One key piece of information is the last logon time for a user, which helps administrators identify inactive accounts and ensure the security of the network. In this guide, we will explore the process of finding a user’s last logon time in Active Directory using PowerShell.

Understanding LastLogon and LastLogonTimeStamp Attributes: 

Before delving into the step-by-step process, it’s essential to understand the two main attributes associated with user logon times in Active Directory: LastLogon and LastLogonTimeStamp.

  • LastLogon Attribute: This attribute stores the most accurate last logon time for a user. However, it is not replicated across domain controllers, necessitating checking on each DC for the most recent time.
  • LastLogonTimeStamp Attribute: While also providing last logon information, this attribute is designed to identify stale user accounts. It is replicated but has a latency of 9-14 days, making it less suitable for real-time last logon checks.

Step-by-Step Guide: 

1. Find User Last Logon using PowerShell: 

  • Log into a Domain Controller:
    • Ensure you are logged into a Domain Controller. If not, import the Active Directory PowerShell modules.
  • Use Get-ADUser PowerShell cmdlet:
    • Open PowerShell and execute the following command to retrieve the LastLogonDate for all domain users:
Get-ADUser -filter * -Properties "LastLogonDate" | select name, LastLogonDate - 

Note: To obtain the true last logon date, run the script on all domain controllers, as the LastLogon attribute is not replicated.

 2. Get the Last Logon Date for a List of Users: 

  •  Modify the PowerShell command to filter specific users: 
Get-ADUser -filter {SamAccountName -eq 'username'} -Properties "LastLogonDate" | select name, LastLogonDate -

Replace ‘username‘ with the actual username you want to query.

 3. Get Last Logon in the Last 30 Days: 

  • Use the following PowerShell command to retrieve the last logon date for users who logged in within the last 30 days:
Get-ADUser -filter {LastLogonDate -gt (Get-Date).AddDays(-30)} -Properties "LastLogonDate" | select name, LastLogonDate

How to find user’s last logon time using ManageEngine Free Active Directory Tools 

In the realm of Active Directory management, tracking user activities, especially their last logon time, is paramount for maintaining a secure and efficient IT environment. ManageEngine, a renowned provider of IT management solutions, offers a free Active Directory tool that simplifies the process of finding a user’s last logon time. In this step-by-step guide, we will delve into the practical aspects of using the ManageEngine Free Active Directory Tool to accomplish this crucial task.

  1. Download and Install ManageEngine Free Active Directory Tool.
    • Begin by downloading the free tool from the official ManageEngine website.
    • Follow the installation instructions to set up the tool on a system within your network.
  1. Launch the Tool and Connect to Active Directory.
    • Once installed, launch the ManageEngine Free Active Directory Tool. In the main interface, locate the ‘AD Query’ tab.
    • Here, you can connect to your Active Directory by providing the necessary credentials.
  1. Navigate to ‘Reports’ Section.
    • This is where you will find a range of reporting options, including those related to user logon activities.
  1. Choose ‘User Logon Reports’.
    • Click on it to access a variety of predefined reports designed to provide insights into user logon details.
  1. Select the Desired Report Type.
    • Based on your specific needs, choose the type of report that aligns with the information you seek.
    • Options may include ‘Last Logon Report’, ‘Users Not Logged in for the Last n Days’ and more.
  1. Customize Report Criteria.
    • This customization allows you to tailor the report to meet your precise requirements.
  1. Generate the Report.
    • Click on the ‘Generate’ button to initiate the report generation process.
    • The tool will query Active Directory based on the specified criteria and compile the last logon information for the selected users.
  1. Review Last Logon Details.
    • Once the report is generated, you will be presented with a detailed view of user logon information, including the last logon time for each user.
    • Take note of this valuable data for further analysis or security audits.
  1. Export Report Data (Optional).
    • If needed, the ManageEngine Free Active Directory Tool allows you to export the report data in various formats, such as CSV or PDF.
    • This feature facilitates record-keeping, sharing information with stakeholders, or integrating the data into other management systems.
  1. Schedule Regular Logon Reports (Optional).
    • To streamline the monitoring process, the tool enables you to schedule regular logon reports.
    • Automation ensures that you receive timely updates on user logon activities without manual intervention.
  1. Utilize Advanced Features (Optional).
    • Explore additional functionalities offered by the tool, such as ‘Inactivity Audit’ or ‘Threshold-based Alerting’. 
    • These advanced features enhance your ability to identify inactive accounts and set up proactive alerting for unusual logon patterns.
  1. Stay Mobile with ManageEngine App (Optional).
    • For administrators on the move, ManageEngine provides a mobile app that grants access to critical information, including user logon details.
    • Install the app on your mobile device for convenient and real-time management.


In conclusion, this guide has provided a comprehensive walkthrough of three methods to obtain the Active Directory last logon for domain user accounts using PowerShell. It is crucial to choose the appropriate attribute based on the specific requirements of your network management. While the LastLogon attribute offers real-time accuracy, the LastLogonTimeStamp attribute is suitable for identifying stale accounts. You can also perform the same operation in ManageEngine’s ADManager Plus.

By following these steps, administrators can enhance their ability to monitor user activity, strengthen network security, and ensure the overall health of their Active Directory environment

Related posts
Active Directory FundamentalsTop Read Articles

How to raise AD forest functional level

Active Directory Fundamentals

How to schedule a process remotely via WMI

Active Directory Fundamentals

How to create a process via WMI remotely

Active Directory Fundamentals

How to create a task via WMI

×

There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.