How,Display,Active,Directory,L computer How to Display Active Directory Last Logon Information
----------------------------------------------------------Permission is granted for the below article to forward,reprint, distribute, use for ezine, newsletter, website,offer as free bonus or part of a product for sale as longas no changes a Gone are those times when the companies and the organisations didn't need a hi-tech system to handle them. Owing to the considerable increase in the business sector and thus, an enormous increase in the complexity of the organisational struc
Active Directory last logon attributesIn Windows Server 2008, Microsoft introduced four new Active Directory attributes that store information about the user’s last interactive logon:msDS-FailedInteractiveLogonCount(CN: ms-DS-Failed-Interactive-Logon-Count)msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon(CN: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon)msDS-LastFailedInteractiveLogonTime(CN: ms-DS-Last-Failed-Interactive-Logon-Time)msDS-LastSuccessfulInteractiveLogonTime(CN: ms-DS-Last-Successful-Interactive-Logon-Time)So by default, this feature is deactivated because in environments with a large number of users, it can cause a high replication burden in the morning when many users are signing in at the same time.Difference to lastLogon and lastLogontimThis is one difference to the attributes lastLogon, badPasswordTime, badPwdCount and lastLogontimeStamp and the first 3 were introduced in Windows 2000 and don’t replicate at all. This means that you have to query all your domain controllers if you want to use these attributes to retrieve information about the last logon of a user. The attribute lastLogontimeStamp was introduced in Windows Server 2003 and does replicate.Next difference to the Windows Server 2008 attributes is that they log not only interactive logons but also other logons such as when a user accesses a network share. You also can’t use the old attributes for displaying the last logon information after the user signs in.Activate interactive logon attributesThe interactive logon attributes can only be activated if your Active Directory domain functional level is Windows Server 2008 and only computers running Windows Vista and Windows Server 2008 or higher can display the last sign-in information on the login screen. Windows XP and Windows Server 2003 computers will ignore the Group Policy setting.If you have to assign the Group Policy to all domain controllers, go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Logon Options > Display information about previous logons during user logon.Here, only domain controllers will display the login information after sign-in. Thus, the name of the policy is a bit misleading and it just doesn’t display previous logon information on computers that are not in the scope of the policy. Depending on the size of your domain, you may have to take the corresponding replication load into account.If you can verify that interactive logons are logged in Active Directory Users and Computers (ADUC), you have to enable Advanced Features in the View menu of ADUC. If you then double-click a user object, you should see the Attribute Editor tab.After you configure the policy, you have to ensure that all domain controllers have received the new settings. So once the Group Policy is applied, you should see the logon information on all machines in the scope of the policy.Display previous logon information?A user-based rather than a computer-based Group Policy for logging login information in Active Directory would make more sense. That way, you could ensure that only administrators see the last logon information after signing in. Since only admins sign on to servers, this would make a computer-based policy more or less superfluous. Article Tags: Active Directory Last, Directory Last Logon, Last Logon Information, Windows Server 2008, Active Directory, Directory Last, Last Logon, Logon Information, Logon Attributes, Windows Server, Server 2008, Information About, Interactive Logon, Domain Controllers, Information After, Group Policy
How,Display,Active,Directory,L