How to Display Active Directory Last Logon Information

Apr 28


Rossy Guide


To display last associated logon information on the user's login screen after sign-in, you have to activate the Group Policy “Display information about previous logons during user logon” in a strict order. Here we will learn the difference between the Windows Server 2008 attributes and the old last logon attributes that were introduced with Windows 2000 and Windows Server 2003. The account holder will see the time of the last successful and unsuccessful login.


Active Directory last logon attributes

In Windows Server 2008, Microsoft introduced four new Active Directory attributes that store information about the user’s last interactive logon:

  • msDS-FailedInteractiveLogonCount (CN: ms-DS-Failed-Interactive-Logon-Count)
  • msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon (CN: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon)
  • msDS-LastFailedInteractiveLogonTime (CN: ms-DS-Last-Failed-Interactive-Logon-Time)
  • msDS-LastSuccessfulInteractiveLogonTime (CN: ms-DS-Last-Successful-Interactive-Logon-Time)

By default, this feature is deactivated because, in environments with a large number of users, it can cause a high replication burden in the morning when many users sign in at the same time.

Difference to lastLogon and lastLogontim

This replication behavior is one difference from the older attributes lastLogon, badPasswordTime, badPwdCount and lastLogonTimestamp. The first three were introduced in Windows 2000 and don’t replicate at all. This means that you have to query all your domain controllers if you want to use these attributes to retrieve information about the last logon of a user. The attribute lastLogonTimestamp was introduced in Windows Server 2003 and does replicate.

Another difference from the Windows Server 2008 attributes is that the old attributes log not only interactive logons but also other logons, such as when a user accesses a network share. You also can’t use the old attributes for displaying the last logon information after the user signs in.
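The per-domain-controller query described above, as an added PowerShell example that is not part of the original article: it reads the non-replicated attributes from every domain controller, keeps the newest value, and shows the replicated attributes next to them. It assumes the RSAT ActiveDirectory module and a schema that contains the msDS-* attributes; `ConvertFrom-AdFileTime`, `Get-UserLastLogonReport` and the account name `jdoe` are hypothetical names.

```powershell
# Added example (not from the original article); needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function ConvertFrom-AdFileTime($Value) {
    # AD stores these timestamps as 100 ns intervals since 1601-01-01 UTC; 0 or empty = never.
    $ticks = [long]$Value
    if ($ticks -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($ticks)
}

function Get-UserLastLogonReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Identity)

    $props = 'lastLogon', 'badPasswordTime', 'badPwdCount', 'lastLogonTimestamp',
             'msDS-LastSuccessfulInteractiveLogonTime',
             'msDS-LastFailedInteractiveLogonTime',
             'msDS-FailedInteractiveLogonCount'

    # lastLogon, badPasswordTime and badPwdCount do not replicate: read them from every DC.
    $perDc = @(foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName -Properties $props -ErrorAction Stop
            [pscustomobject]@{ DC = $dc.HostName; User = $u }
        } catch {
            Write-Warning "No answer from $($dc.HostName): $($_.Exception.Message)"
        }
    })
    if ($perDc.Count -eq 0) { throw "No domain controller returned '$Identity'." }

    # The real value of a non-replicated timestamp is the newest one held by any DC.
    $logon  = $perDc | Sort-Object { [long]$_.User.lastLogon } -Descending | Select-Object -First 1
    $badPwd = $perDc | Sort-Object { [long]$_.User.badPasswordTime } -Descending | Select-Object -First 1

    [pscustomobject]@{
        User                   = $logon.User.SamAccountName
        LastLogon              = ConvertFrom-AdFileTime $logon.User.lastLogon
        LastLogonDC            = $logon.DC
        LastBadPassword        = ConvertFrom-AdFileTime $badPwd.User.badPasswordTime
        LastBadPasswordDC      = $badPwd.DC
        # Attributes the article describes as replicated: one DC's copy is enough.
        LastLogonTimestamp     = ConvertFrom-AdFileTime $logon.User.lastLogonTimestamp
        LastInteractiveSuccess = ConvertFrom-AdFileTime $logon.User.'msDS-LastSuccessfulInteractiveLogonTime'
        LastInteractiveFailure = ConvertFrom-AdFileTime $logon.User.'msDS-LastFailedInteractiveLogonTime'
        FailedInteractiveCount = $logon.User.'msDS-FailedInteractiveLogonCount'
    }
}

Get-UserLastLogonReport -Identity 'jdoe'   # 'jdoe' is a placeholder account name
```

The interactive fields stay empty until the Group Policy described in the next section is active on the domain controllers. All times are returned in UTC.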

Activate interactive logon attributes

The interactive logon attributes can only be activated if your Active Directory domain functional level is Windows Server 2008 and only computers running Windows Vista and Windows Server 2008 or higher can display the last sign-in information on the login screen. Windows XP and Windows Server 2003 computers will ignore the Group Policy setting.

If you have to assign the Group Policy to all domain controllers, go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Logon Options > Display information about previous logons during user logon.

Here, only domain controllers will display the login information after sign-in. Thus, the name of the policy is a bit misleading: previous logon information is simply not displayed on computers that are outside the scope of the policy. Depending on the size of your domain, you may have to take the corresponding replication load into account.

To verify in Active Directory Users and Computers (ADUC) that interactive logons are logged, you have to enable Advanced Features in the View menu of ADUC. If you then double-click a user object, you should see the Attribute Editor tab.

After you configure the policy, you have to ensure that all domain controllers have received the new settings. So once the Group Policy is applied, you should see the logon information on all machines in the scope of the policy.

Display previous logon information?

A user-based rather than a computer-based Group Policy for logging login information in Active Directory would make more sense. That way, you could ensure that only administrators see the last logon information after signing in. Since only admins sign on to servers, this would make a computer-based policy more or less superfluous.
