1

I'm trying to retrieve all computers that are currently connected to AD and which of them have a user logged on to AD. I've tried with the ComputerPrincipal's .LastLogon property, but I get a value that is completely off, by about a week.

I want to know which computers in AD are available. Is there another method I can use?

```csharp
// Requires: using System.DirectoryServices.AccountManagement;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "192.168.0.101:389", "Administrator", "XXXX");

// define a "query-by-example" principal - here, we search for a ComputerPrincipal
ComputerPrincipal qbeComputer = new ComputerPrincipal(ctx);

// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeComputer);

// find all matches
foreach (var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
    ComputerPrincipal cp = found as ComputerPrincipal;

    if (cp != null)
    {
        string computerName = cp.Name;
        DateTime? lastLogon = new DateTime();
        lastLogon = cp.LastLogon;
        DateTime convertedDate = DateTime.SpecifyKind(DateTime.Parse(cp.LastLogon.ToString()), DateTimeKind.Utc);

        var kind = convertedDate.Kind;
        DateTime dt = convertedDate.ToLocalTime();

        Response.Write(cp.Name+"   :   "+ dt.ToString()+ "<br />");
    }
}
```

EDIT:

I want the print-out to be like this:

```
Computer 1: True
Computer 2: False
Computer 3: False
Computer 4: True
```

Is it impossible to query a computer if it's currently logged on? I just need a bool, True or False.

Nate
  • Provide an example of what you got and what you were expecting. – Security Hound May 29 '12 at 12:00
  • Active Directory is a **static** resource - it doesn't have "dynamic" run-time information like who is logged in on which computer. I'm afraid you cannot retrieve that information you're looking for from Active Directory. – marc_s May 29 '12 at 12:06
  • What's going on with `lastLogon` - why assign `new DateTime()` when you're immediately going to replace that with `cp.LastLogon`? Similarly, why are you accessing `convertedDate.Kind` when you've just specified that in the previous line? – Damien_The_Unbeliever May 29 '12 at 12:13
  • I'm sorry about that, even if it doesn't affect the result... – Olof Wännström May 29 '12 at 12:24
  • The lastLogon property of the computer is when the computer's account logs in, not a user logging in to it. – Brian Desmond May 29 '12 at 22:44

2 Answers

0

This is a classic MCSE question. The lastlogon field is local to that specific DC and not globally replicated.

You need to query each AD domain controller and look for the most recent date of each.

makerofthings7
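The approach in the answer above, as an added example that is not code from the original post or its answers: it reads the non-replicated `lastLogon` attribute of every computer object from each domain controller and keeps the newest value. The class and method names are made up for illustration, and it assumes a domain-joined host, a reference to System.DirectoryServices, and an account allowed to read computer objects on every DC.

```csharp
// Added example, not code from the post. Class and method names are made up.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Runtime.InteropServices;
static class LastLogonAcrossDcs
{
    // lastLogon is kept per DC and not replicated: ask every DC, keep the newest.
    // For a computer object it is the machine account's logon, not a user's.
    static Dictionary<string, DateTime> Collect()
    {
        var newest = new Dictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);
        foreach (DomainController dc in Domain.GetCurrentDomain().DomainControllers)
        {
            try
            {
                using (var root = new DirectoryEntry("LDAP://" + dc.Name))
                using (var searcher = new DirectorySearcher(
                    root, "(objectCategory=computer)", new[] { "name", "lastLogon" }))
                {
                    searcher.PageSize = 500; // paged search, avoids the result size limit
                    using (SearchResultCollection results = searcher.FindAll())
                        foreach (SearchResult r in results)
                        {
                            var v = r.Properties["lastLogon"];
                            // Absent or 0: no logon recorded on this DC.
                            if (v.Count == 0 || (long)v[0] <= 0) continue;
                            string name = (string)r.Properties["name"][0];
                            DateTime seen = DateTime.FromFileTimeUtc((long)v[0]);
                            DateTime prev;
                            if (!newest.TryGetValue(name, out prev) || seen > prev)
                                newest[name] = seen;
                        }
                }
            }
            catch (COMException ex) // unreachable DC: result may be older than the truth
            {
                Console.Error.WriteLine("Skipped " + dc.Name + ": " + ex.Message);
            }
        }
        return newest;
    }
    static void Main()
    {
        foreach (var kv in Collect())
            Console.WriteLine("{0}: {1:u}", kv.Key, kv.Value);
    }
}
```

Computers with no recorded logon on any reachable DC are absent from the result, and a skipped DC means the reported time is only a lower bound.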
0

You need to query the security event log on all domain controllers in the forest/domain to make sure that the user is logged on to some machine. Then you should contact this workstation using WMI to check if the user is still logged on.

Events you may be interested in are logon events with the interactive logon type (ID 4624 for logon, 4634 for logoff).

However, when a PC loses connectivity with the domain (very common for notebooks) and the user logs off, no domain controller will receive the logoff event.

A user can actually log on without the domain if a local cache of his account has previously been created on the PC.

As others said, lastlogon and lastlogontimestamp cannot be used as a reliable way to track user logon; check this and this

Some example here

And more info here and here

Community
rkosegi