Last post Sep 18, 2007 09:54 AM by johram
Sep 14, 2007 05:41 AM|Ireland|LINK
I am using the below code to authenticate a user to see if they are in our active directory - that works fine.
But now i need to check if the authenticated user is currently logged into a pc or not logged in. I can not find the way to do this.
Can anyone point me in the right direction.
Thanks for all help...
Sep 17, 2007 08:52 PM|areddic|LINK
Compare the lastLogoff and lastLogon properties
Sep 18, 2007 09:54 AM|johram|LINK
Unfortunately there is no easy way to achieve this. There is no built-in support in Windows for this. There is indeed an attribute (lastLogon) that reflects the last time a user was logged on to a domain controller. Only problem is that this attribute is
not replicated, so you need to ask each DC in your forest to get the correct result. Then there is an attribute called lastLogonTimestamp (in 2003 server) which is replicated, but only (default) every two weeks. Ref:
Regarding lastLogoff, that attribute never seems to be set. It is always zero (afaik) so that's not much to use.
I'd say your best shot is to write a little login script that writes the login status back to the user object in the AD (or computer object), and then a logoff script that does the reverse. But it is nearly impossible to handle the situation with a computer
that crashes, or if a user simply turns off the computer, without running the logoff script. Only way to solve this is to have a service that periodically reports "user is online" back to a master server, which you can then query.