The lastLogon and lastLogoff attributes of a user are recorded on the domain controller that authenticates them, and are NOT replicated to other domain controllers.

I have scripted LastLogOnOff.bat to return the formatted lastLogon and lastLogoff attributes of a user.

The syntax for using LastLogOnOff.bat is:

[call] LastLogOnOff UserName on off

where:

<b>UserName</b> is the <b>NetBIOS</b> User name.

<b>on</b>       is a <a href="/article/jsifaq/jsi-tip-5535-how-can-i-cause-a-called-batch-file-to-return-a-call-directed-environment-variable-.aspx">call directed environment variable</a> that will contain the last log on date and time.

<b>off</b>      is a <a href="/article/jsifaq/jsi-tip-5535-how-can-i-cause-a-called-batch-file-to-return-a-call-directed-environment-variable-.aspx">call directed environment variable</a> that will contain the last log off date and time.

Example:

call LastLogOnOff %UserName% timeOn timeOff
@echo %UserName% logged on at %timeOn% and logged off at %timeOff%.

Might display:

Jerry logged on at 07/06/2004 07:27:43 and logged off at Never.

NOTE: LastLogOnOff.bat uses DSQUERY and CvtFileTime.bat.

LastLogOnOff.bat contains:

@echo off
rem Usage check: all three arguments are required.
if {%3}=={} @echo Syntax: LastLogOnOff UserName on off&goto :EOF
setlocal
set user=%1
rem LDAP query for the user's lastLogon and lastLogoff (raw FILETIME values).
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=%user%))" -attr lastLogon lastLogoff -limit 0
set on=0
set off=0
rem Neither attribute is replicated, so ask every domain controller and keep the highest value.
for /f "Tokens=*" %%s in ('dsquery server -O RDN') do (
 for /f "SKIP=1 Tokens=1,2" %%a in ('%qry% -s "%%s"') do (
 call :last %%a %%b
 )
)
rem Convert the raw values to a formatted date and time.
Call CvtFileTime %on% ondt
Call CvtFileTime %off% offdt
endlocal&set %2=%ondt%&set %3=%offdt%
goto :EOF
:last
rem Quoted operands are compared as strings; the values are too large for a numeric compare.
if "%on%" LSS "%1" set on=%1
if "%off%" LSS "%2" set off=%2
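
The per-DC aggregation and the FILETIME conversion that the batch file delegates to CvtFileTime.bat, as an added Python example (not part of the original tip and not the code of CvtFileTime.bat). It assumes each DC returns a header row followed by one row of two values, as the SKIP=1 Tokens=1,2 parsing implies; the DC names and values are constructed, and times are rendered in UTC.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: the two-column output each DC might return
# (DC names and values are made up for this example).
SAMPLE_OUTPUT = {
    "DC01": "  lastLogon             lastLogoff\n  127335724630000000    0\n",
    "DC02": "  lastLogon             lastLogoff\n  127334860630000000    0\n",
    "DC03": "  lastLogon             lastLogoff\n  0                     0\n",
}


def parse_dc_output(text):
    """Return (lastLogon, lastLogoff) from one DC's output; (0, 0) if absent."""
    rows = [line.split() for line in text.splitlines()[1:] if line.strip()]
    if not rows or len(rows[0]) < 2:
        return 0, 0
    first, second = rows[0][:2]
    if not (first.isdigit() and second.isdigit()):
        return 0, 0
    return int(first), int(second)


def latest_across_dcs(outputs):
    """Highest value of each attribute over all DCs, with the DC holding it."""
    best = {"lastLogon": (0, None), "lastLogoff": (0, None)}
    for dc, text in outputs.items():
        values = parse_dc_output(text)
        for attr, value in zip(("lastLogon", "lastLogoff"), values):
            if value > best[attr][0]:  # integer comparison
                best[attr] = (value, dc)
    return best


def format_filetime(ft):
    """Render a FILETIME as 'MM/DD/YYYY HH:MM:SS' in UTC; 0 means never set."""
    if ft == 0:
        return "Never"
    moment = FILETIME_EPOCH + timedelta(microseconds=ft // 10)
    return moment.strftime("%m/%d/%Y %H:%M:%S")


if __name__ == "__main__":
    for attr, (value, dc) in latest_across_dcs(SAMPLE_OUTPUT).items():
        print(f"{attr}: {format_filetime(value)} (from {dc})")
```

Keeping the name of the DC that holds the highest value shows which controller last authenticated the user, which the batch file discards.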