A script is provided in Roth's Win32 Perl Scripting's book to get the last true logon time for a Windows Domain user by querying all the domain controllers to get the REAL time a user last logged on or off.

The script was written for an NT domain, and the part that enumerates the PDC/BDCs in the domain (using WIN32::NetAdmin) does not work for a Win2K environment. So, I tried to hack the script by giving a fixed array of domain controllers (not the optimum, but sufficient for me), with the result the script doesn't work as expected.

Instead of polling the domain controllers and returning the LAST logon time over all the controllers, the script is only returning the data from the last server in the array (although they all appear to be being polled). I'm reluctant to give the entire script, but I'm appending the bits that do most of the work: 
if( "" ne $Config{domain} )
{
#  $Config{machine} = "";
#  Win32::NetAdmin::GetDomainController( '',
#                                        $Config{domain},
#                                        $Config{machine} );
#  Win32::NetAdmin::GetServers( $Config{machine},
#                                $Config{domain},
#                                SV_TYPE_DOMAIN_CTRL,
#                                \@MachineList );
  @MachineList = qw(SERVER1 SERVER2 SERVER3);
}

[download]

That code above shows howthe MachineList array was being populated orginally, and the fixed list that I have substituted. 

#... stuff to populate %accountslist, $account ...

foreach my $Machine ( @MachineList )
{
  ( $Machine = "\\\\$Machine" ) =~ s/^\\+/\\\\/;
  print "Querying $Machine\n";

  foreach my $Account ( sort( keys( %AccountList ) ) )
  {
    my %Attrib;
    if( Win32::AdminMisc::UserGetMiscAttributes( $Machine,
                                                  $Account,
                                                  \%Attrib ) )
    {
      my $Data = $Result{$Account} = {};
      $Data->{fullname} = $Attrib{USER_FULL_NAME};
      if( $Data->{lastlogon}->{value} < $Attrib{USER_LAST_LOGON} )
      {
        $Data->{lastlogon}->{value} = $Attrib{USER_LAST_LOGON};
        $Data->{lastlogon}->{machine} = $Machine;
      }
      if( $Data->{lastlogoff}->{value} < $Attrib{USER_LAST_LOGOFF} )
      {
        $Data->{lastlogoff}->{value} = $Attrib{USER_LAST_LOGOFF};
        $Data->{lastlogoff}->{machine} = $Machine;
      }
      $Data->{badpwcount} += $Attrib{USER_BAD_PW_COUNT};
      $Data->{logons} += $Attrib{USER_NUM_LOGONS};
    }
  }
}
foreach my $Account ( sort( keys( %Result ) ) )
{
  print "$Account ($Result{$Account}->{fullname}):\n";
  print Report( "Last logon", $Result{$Account}->{lastlogon} ), "\n";
  print Report( "Last logoff", $Result{$Account}->{lastlogoff} ), "\n"
+;
  print "\tTotal number of bad password attempts: ";
  print "$Result{$Account}->{badpwcount}\n";
  print "\tTotal number of logons: $Result{$Account}->{logons}\n";
  print "\n";
}

sub Report
{
  my( $Field, $Data ) = @_;
  my $Date = scalar localtime($Data->{value} );
  my $Location = "( $Data->{machine} )";
  
  $Date = "Not available" if( 0 == $Data->{value} );
  $Location = "" if( 0 == $Data->{value} );
  return( "\t$Field: $Date $Location" );
}

[download]
So, when running the full script, all I get is the results returned for SERVER3. If anyone can shed some light on this, I'd be grateful.

In reply to Problem with ascertaining last NT logon - Roth script by billie_t

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.