In an article we published yesterday, we provided a simple PowerShell script to export a list of all of your stale Active Directory user accounts to a simple text file with nice columns that you could manipulate in Excel.
In this follow-up article, we explain how to easily see the important login, log off and account creation dates that are stored in Active Directory.
If you’re new to Active Directory this might look daunting but it really is simple:
- Launch Active Directory Users and Computer
- Click VIEW (top menu) and select ADVANCED FEATURES
- Locate and double click on the user you want to investigate
- In the users PROPERTIES window, click the ATTRIBUTE EDITOR tab
- At the bottom right of the ATTRIBUTE EDITOR tab, click the FILTERS button and select SHOW ONLY ATTRIBUTES THAT HAVE VALUES
- Look at the information in:
- LAST LOGON – the last time the user logged in with their Active Directory credentials
- WHEN CREATED – the date the user account was created in Active Directory
- WHEN CHANGED – the last time ANY Active Directory attribute was changed in their profile
- You also might find the pwdLastSet field interesting as it tells you the last time the user changed their password
What is the difference between whenChanged and pwdLastSet?
Both whenChanged and pwdLastSet are potentially useful Active Directory attributes, but they record very different information.
As noted above, whenChanged is the date ANY change that anyone, including administrators, made to the user’s Active Directory account whereas pwdLastSet is the date and time a users password was changed.