NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Last Logon - Attribute Confusion

NetVision customers often ask for help reporting on the last time a particular user logged onto the network.  Here’s what you need to know about finding the right attributes.

Active Directory
When querying for the last logon, a very common mistake is to look at the LastLogonTimeStamp attribute.  If this attribute is selected, no data will be returned.  It’s a calculated attribute that doesn’t hold information.  The correct attribute to query is LastLogon.  This attribute contains the last time the user logged into AD.

NOTE: If you’re filtering in real-time for specific users, be careful.  The person logging in will NOT show as the UserID; what shows is the system process used in authenticating the user.  To correctly monitor for specific accounts, NetVision customers can set their filter to include the list of accounts they are interested in monitoring.  When the LastLogon attribute is written to AD, the object (or DN) that receives the attribute change is what NetVision records.  If the policy is set correctly, you will see the change to the LastLogon time and you will be able to see the system process that authenticated the user or object.

eDirectory
When querying for last logon in eDirectory, a common mistake is to select the lastLoginTime attribute.  If this attribute is selected, the date and time returned is not the true last time the user logged in, but the login before that one.  For example, if I logged in on 1/5/09 at 8am, and then logged in again on 2/8/09 at 9am, the lastLoginTime attribute will have the value of 1/5/09 8am (a full month off).  The correct attribute to query is loginTime.  This entry contains the true last time the user logged into eDirectory.
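
The attribute choices described in the Active Directory and eDirectory sections above, as an added example (not NetVision code): it turns raw LastLogon and loginTime values into timestamps for a last-logon report. It goes slightly beyond the text by taking the newest LastLogon across several domain controllers, since that attribute is not replicated between them. The DC names, the sample values, the UTC time zone and the generalized-time string format are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# AD stores LastLogon as a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def ad_filetime_to_dt(raw):
    """Convert one LastLogon value; 0 or empty means no logon recorded."""
    ticks = int(raw or 0)
    if ticks <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def ad_last_logon(per_dc_values):
    """LastLogon is not replicated between DCs, so keep the newest value."""
    times = [t for t in map(ad_filetime_to_dt, per_dc_values) if t is not None]
    return max(times) if times else None

def edir_time_to_dt(raw):
    """Parse an LDAP generalized time (assumed UTC form, e.g. 20090208090000Z)."""
    if not raw:
        return None
    return datetime.strptime(raw, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def edir_last_logon(entry):
    """Report loginTime; lastLoginTime holds the login before it."""
    return edir_time_to_dt(entry.get("loginTime"))

# Constructed sample data (not from a real directory). Times treated as UTC.
AD_LASTLOGON_BY_DC = {            # hypothetical DC names
    "dc1": "128756160000000000",  # 2009-01-05 08:00
    "dc2": "128785572000000000",  # 2009-02-08 09:00
    "dc3": "0",                   # user never authenticated against this DC
}
EDIR_ENTRY = {
    "loginTime": "20090208090000Z",
    "lastLoginTime": "20090105080000Z",
}

if __name__ == "__main__":
    print("AD last logon:        ", ad_last_logon(AD_LASTLOGON_BY_DC.values()))
    print("eDirectory last logon:", edir_last_logon(EDIR_ENTRY))
    print("eDirectory previous:  ", edir_time_to_dt(EDIR_ENTRY["lastLoginTime"]))
```

A LastLogon value of 0 means that domain controller has never recorded a logon for the account, so the report treats it as "no data" rather than as the year 1601.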

Got Other Challenges Like This?
The roles and usage of the dozens of relevant objects and attributes - and how to correctly configure policies - can be a lot to understand and remember over time.  As requirements change, you want to make sure the right information is being captured and analyzed.  NetVision’s SIMON managed service makes it all simple.  You don’t have to remember a thing.  Just tell us what’s important to you and we put our expertise to work to do the job quickly and efficiently.

© 2009 NetVision Company Blog. All Rights Reserved.