Last login date of server profile?
07-02-2021
Question
So I'm writing a program to monitor access dates on a server. My goal is to get the last login / access date of each profile that's on the domain controller, but I have no idea what file / setting / property I should be looking at. Currently, my program checks the last modified date of:
\\my-dc\c$\Documents and Settings\user\NTUSER.DAT.LOG
I did this because it seems to be the most recently updated every time someone's doing something. However, I did some looking up and apparently that file is updated every time the user's registry is changed, even if the user is not logged on. This doesn't serve me very well because then my program would report a lot of false positives.
TL;DR - is there a Windows property or a specific file I should look at when I'm checking the last logon date of a user?
Thanks.
Solution
You can query IADsUser, which has a LastLogin property. Here's a C# and VB.NET example of getting a property from IADsUser.
Here's the sample code modified to get the LastLogin:
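Imports System
Imports System.Reflection
Imports System.DirectoryServices

Module Program
    Sub Main()
        ' Bind to the user object and get the underlying ADSI (IADsUser) COM object.
        Dim ent As New DirectoryEntry("LDAP://CN=My User,DC=Fabrikam,DC=com")
        Dim ads As [Object] = ent.NativeObject
        Dim type As Type = ads.GetType()
        ' Read the LastLogin property late-bound through reflection.
        Dim lastLogin As String = CStr(type.InvokeMember( _
            "LastLogin", _
            BindingFlags.GetProperty, _
            Nothing, _
            ads, _
            Nothing))
    End Sub
End Module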
Note: you may want to use DateTime.TryParse instead of CStr
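An added example, not part of the original answer, that goes beyond its single-user lookup: it lists every user account in one paged DirectorySearcher query and converts the replicated lastLogonTimestamp attribute from its FILETIME form. The module and function names are invented here and the search base is the placeholder domain from the answer. lastLogonTimestamp replicates between domain controllers with a delay of up to about two weeks by default, so it suits stale-account reporting rather than exact logon times.

```vbnet
Imports System
Imports System.DirectoryServices

Module LastLogonReport
    ' lastLogonTimestamp is a FILETIME: 100 ns intervals since 1601-01-01 UTC.
    ' Absent or zero means no logon has been recorded for the account.
    Function ToLogonTime(raw As Object) As DateTime?
        If raw Is Nothing Then Return Nothing
        Dim ticks As Long = CLng(raw)
        If ticks <= 0 Then Return Nothing
        Return DateTime.FromFileTimeUtc(ticks)
    End Function

    Sub Main(args As String())
        If args.Length = 0 Then
            ' Offline check with a constructed raw value (not taken from any directory).
            Console.WriteLine("sample: {0:u}", ToLogonTime(132539328000000000L))
            Console.WriteLine("usage: LastLogonReport LDAP://DC=Fabrikam,DC=com")
            Return
        End If

        ' args(0) is the search base, e.g. the placeholder domain from the answer.
        Using root As New DirectoryEntry(args(0)),
              searcher As New DirectorySearcher(root)
            searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
            searcher.PageSize = 500   ' paged search, so large domains are not truncated
            searcher.PropertiesToLoad.Add("sAMAccountName")
            searcher.PropertiesToLoad.Add("lastLogonTimestamp")

            Using results As SearchResultCollection = searcher.FindAll()
                For Each r As SearchResult In results
                    Dim name As String = CStr(r.Properties("sAMAccountName")(0))
                    Dim values = r.Properties("lastLogonTimestamp")
                    Dim raw As Object = If(values.Count > 0, values(0), Nothing)
                    Dim seen As DateTime? = ToLogonTime(raw)
                    Console.WriteLine("{0}" & vbTab & "{1}", name,
                        If(seen.HasValue, seen.Value.ToString("u"), "never"))
                Next
            End Using
        End Using
    End Sub
End Module
```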