• 0

Active Directory Last Used Computer(for a specific user)



Hello. I've recently started reading for the 70-640 Exam: Configuring Windows Server 2008 Active Directory, and I think it's going well for now(first exam ever). While I was reading, I noticed some new "features"/attributes that I can't find. The book says in the first chapter:

Functional level: ....... For example, when the domain functional level is raised to Windows Server 2008, a new attribute becomes available that reveals the last time a user successfully logged on to a computer,the computer to which the user last logged on, and the number of failed logon attempts since the last logon. ..........

Can anyone confirm this? I've been through all the attributes wth values using ADSI for the Administrator user in the domain(which has only logged on to DC server), but I can't seem to find this attribute. Is it not visible because a server is not a "computer" and because of that it isn't written as a value yet, or is the attribute not there at all? Google didn't help either since everyone still uses logon scripts to log this. I know there may be possible to collect logs from the DCs to find it out, but an attribute for the last used workstation/computer would be better.

Is the author lying in the Microsoft Exam Training Kit or am I just blind? :) Thanks

Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0

I've come across this Technet Article before which might be of help to you:


How to configure last interactive logon

You configure last interactive logon through a GPO. You must configure the following setting for the GPO with domain controllers in its scope of management if you want to report last interactive logon information to the directory service:

Computer Configuration| Policies | Administrative Templates | Windows Components | Windows Logon Options | Display information about previous logons during user logon = Enabled

If you want to display last interactive logon information to the user, you must configure this setting for both the GPO with domain controllers in its scope of management as well as any GPO with Windows Server 2008 and Windows Vista client computers in its scope of management.

However I came across a CBT Nuggets video which described that this feature is all well and good, but can cause issues where users in the domain running Vista upwards won't be able to login once the GPO has been applied, obviously dependent on what OU you apply the policy to. Here is just one article I have found with someone who experienced the same problem:


Not what you want when you have users trying to login first thing.

Microsoft do provide an extension which plugs into Active Directory which might help you though, I haven't tried it myself so would suggest trying it in a test domain lab first. It's called ACCINFO.DLL (search for Account Lockout Tools) then just regsvr32 from elevated CMD.

If you then open AD DS look at an account you should now have a new tab named 'Additional Account Info' which displays lots of information including Last Logon, Last Logoff, Counts, SID etc. But again, test in a lab before applying it in production just in case! Also a minor point, that tab doesn't appear when using Server Manager only Active Directory Users and Computers.

Here's a nice picture from Petri.co.il that shows what information it describes:


Link to post
Share on other sites
  • 0

Thanks for a quick answer. I've read about Interactive Logon, but it does not seem to show the computer used to login. It just shows time and logon tries++. That's what's so weird :s

Link to post
Share on other sites
  • 0

We've played around with different methods to get last logons, and determined the best and easiest way is to manage logons was using vbscripts on logon and log off. Script to write an entry into a database at log on, and another on log off. We also encorporated duplicate login restrictions into these scripts too. At logon, this script also creates a random file containing only the username of the person logged on, which is saved in a specific place at logon, and deleted at log off.

I know it doesn't exactly answer your question, but it's another way of doing it.

Link to post
Share on other sites
  • 0

Yes I know, and that's what I've tried earlier in labs. That's why I got so excited when the author said 2008 func. level had an attribute for it. It seems that he may have lied. Is there any way to see what changes are made to the schema when you raise the func. level? So I could take a look at each attribute that's added and monitored those to see if they work as a "last computer" attribute.

Btw. How do you handle system crashes and laptops with that duplicate login restriction? If a user doesn't properly log off or does not have network connection at the time of logout, they would be locked out until fixed. Got a smart solution for those or do you handle it manually when the system crashes?

Link to post
Share on other sites
  • 0

BGInfo allows something similar to this. We have a DB that BGInfo updates after each login. Shows user and the PC they've logged in to.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Rich Woods
      Parallels Desktop lets you run Windows on Chrome OS starting today
      by Rich Woods

      After announcing its partnership with Google back in June, Parallels is now available for Chromebook Enterprise users. That's right; you can now run Windows on Chrome OS, no internet connection required. Everything is running locally in a virtual machine.

      The issue of running Windows on Chrome OS solves a big problem for businesses. If nothing else, it allows you to run those last few apps that your business needs. If the Office web apps aren't enough, you can easily run full Office in Parallels. Or, you can run your business's proprietary apps.

      "Chrome OS is increasingly being chosen by modern enterprises, either for remote work, hybrid, or in the office," said John Solomon, Vice President of Chrome OS at Google. "We are thrilled to partner with Parallels to bring legacy and full-featured Windows applications support, through Parallels Desktop for Chromebook Enterprise, to help businesses easily transition to cloud-first devices and workflows."

      Parallels worked on a lot of integrations with Chrome OS, and it did this by using its own software. The team used Parallels on Chromebook Enterprise, and continued to make feature requests. After all, no one will want the Windows and Chrome OS to be completely isolated from each other.

      You can easily share files between Chrome OS and Windows. In Chrome OS, you can easily find your Windows files, and then you'll find the common folders like Downloads, Documents, Pictures, and so on. To open Chrome OS files in Windows, you have to opt to share a file or folder with Windows with Google Drive. Windows apps are also integrated into 'Open with', so for example, you can choose to open a Word document from Chrome OS into Windows via Parallels.

      "Parallels Desktop for Chromebook Enterprise incorporates more than 22 years of Parallels’ experience innovating software that makes it simple for people to seamlessly run multiple operating systems and applications on any device, to be more productive," said Nick Dobrovolskiy, Senior Vice President of Engineering and Support for Parallels. "In addition to simultaneously running Windows and its full-featured apps alongside Chrome OS apps directly on a Chromebook, Parallels Desktop integrates a variety of useful features: Copy and paste text and graphics between Windows 10 and Chrome OS; frustration-free printing from Windows apps via shared Chrome OS printers or from printers that are only available for Windows 10; and the option to save Windows files locally on a Chromebook, in the cloud, or both."

      Being that it's a virtual machine that you're running, it can save its state. That means that you can quickly pick up where you left off.

      Parallels Desktop for Chromebook Enterprise is available now, and it costs $69.99 per year per user. You do need a Windows license, of course, and you'll need a Chromebook that has an Intel Core i5 or i7, 16GB RAM, and 128GB of storage. Initially supported devices include the HP Elite c1030 Chromebook Enterprise, HP Pro c640 Chromebook Enterprise, Google Pixelbook, Google Pixelbook Go, Acer Chromebook Spin 713, Acer Chromebook Spin 13, Dell Latitude 5300 2-in-1 Chromebook Enterprise, Dell Latitude 5400 Chromebook Enterprise, Lenovo Yoga C630 Chromebook, and ASUS Chromebook Flip C436FA.

    • By Jay Bonggolto
      Microsoft outlines 10 app store principles in a jab at Apple
      by Jay Bonggolto

      Microsoft today introduced a set of 10 principles that it will use to steer its app store policies for developers. The software giant says the principles aim "to promote choice, ensure fairness, and promote innovation on Windows 10".

      In a blog post outlining these principles, Rima Alaily, Microsoft's Vice President and Deputy General Counsel, reiterated that Windows 10 is an open platform where "developers are free to choose how they distribute their apps".

      The 10 principles are as follows:

      These principles aren't new, though. Microsoft has long been providing developers a way to distribute their apps and games the way they like. Also, Microsoft Store isn't the only distribution option available to developers on Windows, with Steam and Epic already available on the platform. That said, these principles don't apply to the Xbox store since Microsoft "operates on a different set of rules" when it comes to that platform.

      The principles build upon the work of the Coalition for App Fairness (CAF), which was launched in September by Epic Games, Spotify, and more organizations to take on Apple's App Store policies. Interestingly, while today's announcement does not specifically mention Apple, it comes at a time when that company is facing an antitrust investigation for its app store practices.

    • By Rich Woods
      Microsoft is changing the way it handles Windows release notes
      by Rich Woods

      Microsoft is making some changes to the way it handles Windows release notes, the company announced today. For starters, it's combining support.office.com and support.microsoft.com into one site, and of course, that means that other changes are on the way. Microsoft says that combining the two sites will make it easier to publish release notes more quickly.

      One thing that's changing is the URL structure, as the KB ID will always be prominently displayed on the page. The firm noted in the announcement that while the KB ID is always included in the URL, allowing the user to paste a KB ID to the end of 'https://support.microsoft.com/help', it wasn't always included in the article. Now, there's more of a tie between the article and the URL, also making it easier for search engines to find.

      Microsoft is adding the ability to add support articles to Facebook and LinkedIn, adding to the email option that's already there. Microsoft says we're also going to see more changes to the formatting and the UI. In fact, KB articles will no longer be served in a JSON format; they're going to be HTML instead.

      Chris Morrissey, who penned the blog post, also made a list of things that aren't changing, such as all existing release notes. He also promised that Microsoft will continue to deliver release notes, as it always has, for supported versions of Windows. Other things that are being kept are the ability to quickly find similar or related articles, and the ability to leave comments. All of these changes are rolling out in the coming weeks.

    • By Rich Woods
      Eric Raymond thinks Microsoft is ready to swap out the Windows kernel for Linux
      by Rich Woods

      According to a blog post penned by open-source advocate Eric Raymond, Microsoft is finally ready to give up on that old relic it called Windows, which doesn't even generate enough revenue anymore to be more than a "sideshow" at the company. Raymond says that now that Azure makes so much more money than Windows does, the firm is set to replace Windows with Linux, which will run an emulation layer in order to maintain compatibility with legacy apps.

      The only problem is that none of that is true. Despite stagnant growth, Windows revenue is still among the most profitable pieces of Microsoft. Azure is set to surpass that someday, but that day is not today. Nevertheless, Raymond thinks that the more that this happens, the less Windows will be as a priority for Microsoft, and eventually, Windows development simply won't make sense.

      The speculation that Microsoft cares less about Windows than it once did (it's not even really speculation) isn't new, and it stands to reason that the firm will care even less down the line. But Raymond not only looks at Microsoft's finances as evidence; he looks at clues that are right in front of us. Those clues are, you guessed it, the Windows Subsystem for Linux and Microsoft's Edge browser coming to Linux.

      The latter is actually pretty easily explained, since it took such little work to bring Edge to Linux. Edge is based on Chromium now, and so it supports all of the platforms supported by Chromium. What probably should have been more notable is that Microsoft built Edge from Chromium in the first place, rather than continuing to develop its own in-house browser. The story with how Edge was rebuilt is quite similar to what Raymond is saying will happen with Windows.

      Windows does ship with a Linux kernel now with the latest Windows Subsystem for Linux, and as noted in the blog post, Microsoft does contribute to Linux in an effort to make WSL better.

      All of this adds up to, in Raymond's opinion, Microsoft rebuilding Windows from a Linux kernel, with a Windows emulation layer on top. Developers will be able to compile their apps to run natively if they wish, which is what Microsoft is already doing with Edge.

      While he does create a compelling argument for Microsoft wanting to do this, he doesn't account for whether or not Microsoft can do this. The Redmond firm is notoriously bad at getting app developers on board for something that it wants them to do; you can use Windows Phone or Windows on ARM as examples here. It's also not shown that it's great at emulation, with 32-bit emulation not being great on ARM PCs and 64-bit emulation not even here yet.

      What do you think? Is the year of desktop Linux finally on the way? Let us know in the comments!

    • By indospot
      Windows 10 version 20H2 is here - here's what you need to know
      by João Carrasqueira

      For the past few months, Microsoft has been working on the next feature update for Windows 10, the one to follow up the May 2020 Update. We’ve covered the changes in every Windows 10 feature update since the May 2019 Update, so of course we're also going to go over the next one. But before we do, if you missed any of the previous updates, you can use these links to check the additions from the past few releases:

      Windows 10 May 2019 Update (version 1903) Windows 10 November 2019 Update (version 1909) Windows 10 May 2020 Update (version 2004) Moving on to the next update, Microsoft is changing the way it designates new versions of Windows 10, so instead of being version 2009 or 2010, Microsoft is calling it version 20H2, with a more friendly name being October 2020 Update. Instead of indicating the month the update was finalized in, the version now just indicates whether the update was released in the first or second half of the year. This should help alleviate some questions users have had, since the month indicated in the version number was almost always different from the month used in the friendly name.

      Windows 10 version 20H2 is a relatively small feature update, just like version 1909 was last year. If you’re running version 2004, this update will simply be an enablement package, essentially turning some features that are already baked into version 2004, but turned off. Because of that, users on version 20H2 will get all the same monthly cumulative updates as version 2004. This also means there’s not a lot of new features, but there are some notable ones nonetheless. Let’s take a look.

      Desktop environment

      Easily the most immediately noticeable change in this release is in the Start menu, especially if you have tiles pinned to it. Microsoft has added theme-aware tiles, which means they’re now using a transparency effect instead of being a solid color. Not only that, they will now follow your system theme – light or dark – instead of always being colored, so you can have monochrome tiles to help app icons pop. You can also enable color for the Start menu in Settings -> Personalization -> Colors, and tiles will be colored while retaining the transparency effect.

      There are also some improvements to the All Apps list, though. App icons are no longer forced to fit into colored squares, so not only are the icons themselves bigger, but the list as a whole looks a lot cleaner. Plus, there’s a new icon for folders, which falls much more in line with Microsoft’s design language.

      Moving down to the taskbar, there’s a small change for new accounts, which may now see some different apps pinned to the taskbar when they login for the first time. Usually, Windows 10 pins Edge, File Explorer, Microsoft Store, and Mail icons to the taskbar out of the box. With this change, you may see some different ones, like the Your Phone replacing Mail if you have linked an Android phone to your Microsoft account, or the Xbox app if you have a gaming PC. This won’t affect you if you’re just updating Windows 10, though, only new users starting with this version, such as with a clean install.

      Image credit: Windows Blogs There are also some changes for 2-in-1 devices and the tablet experience, as Microsoft continues to deprecate the traditional tablet mode. When you detach a keyboard or rotate it behind the screen, you’ll no longer see a prompt to switch to tablet mode proper, and instead you’ll see a new experience for tablets, which increases spacing between some items and adds a touch keyboard button to the taskbar to make the touch experience better.

      This tablet experience was already available in Windows 10 version 2004, but unless you had a Surface device, you’d still see the tablet mode prompt, and saying no would take you to the new tablet experience. You can re-enable the prompt in Settings -> System -> Tablet if you want to use the classic tablet mode.

      On this note, there are a couple of other changes. If your device doesn’t have a touch screen, the Action Center will no longer show the tablet mode button so you don’t enable it by accident. Microsoft has also improved the logic so when you turn on the computer, it will deliver the right experience based on whether you had tablet mode enabled at the last shutdown and if there’s a keyboard attached.

      Chromium-based Edge

      Another thing that’s new in this update is that it’s the first version of Windows 10 to ship with the new Chromium-based Edge, though you’ve been able to install it for a while. However, with the new Edge being bundled into the operating system, there are some new features to improve the integration between the two.

      On the taskbar, there are some improvements to pinned sites. If you pin websites to the taskbar using Edge, the taskbar icon will now let you keep track of all the tabs you have open for that website, even if they’re in different Edge windows. The feature requires version 86 of Edge, which is currently only available in beta, but it should be promoted to the stable channel by the time Windows 10 version 20H2 is generally available.

      Another Edge-related improvement is in the task switcher, which you access with Alt+Tab. If you have multiple Edge tabs open, you’ll now see each one individually listed in the task switcher, so you can more easily switch to it. By default, up to five Edge tabs will be visible, but you can change this in Settings -> System -> Multi-tasking, so you can see just three tabs, every tab, or only open windows.


      Microsoft has made some notable improvements to the way notifications are presented in this update, which makes them a lot easier to understand. For one thing, the name of the app and its icon are now shown at the top, whereas the previous design only showed the app name in small text under the notification content (and even that only appeared for some apps). On top of that, there’s a new X button to immediately dismiss notifications. Before, you’d only be able to hide the notification into the Action Center, and then dismiss it from there, but now it can be dismissed directly from the notification toast.

      Old style New style You’ll also notice that the gear button to adjust the notification settings has been replaced with a three-dot button, albeit only in notification toasts and not in the Action Center itself.

      On the topic of notifications, Microsoft has also disabled notifications for when Focus Assist is turned on by an automatic rule. Focus Assist mutes incoming notifications automatically during certain scenarios, such as gaming or when using apps in full screen, but when this happened in previous versions of Windows, there would be a notification in the Action Center to indicate that Focus Assist had turned on automatically, as well as a notification when Focus Assist turns back off, letting users know what they missed. Both of these notifications are now disabled by default, but you can re-enable them in Settings -> System -> Focus Assist.


      A smaller change can be found in the Settings app, specifically in System -> About. Microsoft has made this the default experience for viewing system information, replacing the equivalent page in the old Control Panel. Links to additional settings can be found here now, and there’s a new button to copy your system information in case you need to share it with someone.

      Update: With the update being available now, Microsoft has also announced that there's a new way to access refresh rate settings for your monitor. You can find them in the Settings app now, by going to System -> Display, then choosing "Advanced display settings at the bottom of the page".

      Finally, for businesses and IT administrators, the Modern Device Management (MDM) experience for local users and groups now allows for granular control of policies for groups, just as you would on devices with on-promises Group Policy management.

      The Windows 10 October 2020 Update, or version 20H2, was recently brought to the Release Preview channel of the Insider program, and Microsoft is getting ready to release it to general users in the near future, though a date isn't set yet. As usual, feature updates won't install automatically, but it should show up as an optional update in Windows Update, and you can install it manually. For devices running older versions of Windows 10, which might be nearing the end of support, then the update will eventually be pushed to your device so you can keep getting security updates.

      Update: Windows 10 version 20H2 is now available.

      What's your favorite change in this release? Will you be installing it as soon as possible? Let us know in the comments!