Easy way to view last log on time for NT accounts
Found this great VB script over at WindowsITPro by John Savill while looking for a way to audit (and disable) accounts used for FTP access on our web server (which haven't been used in n days). If you leave the "
Link
Set oDomain =
" alone and don't put in a DC, and put in the name of the local server (not the DC in " sEnterDCs = "
", it will poll the local SAM database, instead of the default behaviour of going out to a DC.' List last logon times
' 2001-03-27 John Savill, Jakob Hussfelt http://www.ntfaq.com
On Error Resume Next
sEnterDCs = "SAVILLTECH,SAVILLNT02"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
sUsrLogin = oDomainItem.LastLogin
If UBound(sObjects) >= 1 Then
For ii = 1 To UBound(sObjects)
Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
Next
End If
WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin)
Next
Awesome stuff.Link