Windows – How to find the last user logged onto a computer in Active Directory

active-directory, windows

I was wondering if there was a way in Active Directory to query a Computer object to find the last user who logged on.

Poor asset tracking has left me with a couple of un-locatable machines and I would like to know who used them last.

Thanks

Edit: Just to clarify, I can't find the machines physically and it doesn't look like it's been powered on for a while, that's why I want to know who had them last so I can query them.

Best Answer

I've had a few "where the hell is that" moments in my time. My usual way to tackle it is as follows.

The first thing I do is browse the C: drive (\\LOSTCOMPUTER\C$) and look at the local profiles to see if I can hopefully determine at least what department it resides in. Then poke around in the profile directories to try and find files recently changed and contact the user if anything looks promising. If not, wander around the department and tie up all computers you think are there and what is actually there.

Failing that, in the global logon script, put something like this.

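if ($env:COMPUTERNAME -eq 'LOSTCOMPUTER')
{
    # PowerShell form of the check; logons.txt is an assumed file name on the placeholder share.
    Add-Content -Path '\\SERVER\WRITEABLESHARE\logons.txt' -Value "$env:USERNAME logged onto LOSTCOMPUTER"
}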

Other things to try might be to disable the computer object and when someone phones asking why they can't log on to the computer, note where it is and re-enable the account.
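
The profile check from the first step of this answer, as an added PowerShell example (not the answerer's code). It assumes admin rights on the target, profiles under C:\Users, and a hypothetical function name `Get-RecentProfile`; it only works while the machine is reachable over the network.

```powershell
# Added example: rank local profiles on a remote machine by most recent activity.
function Get-RecentProfile {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $RecentFileCount = 3
    )

    # Single-quoted format string so the '$' in the C$ admin share stays literal.
    $usersRoot = '\\{0}\C$\Users' -f $ComputerName
    if (-not (Test-Path -LiteralPath $usersRoot)) {
        Write-Warning "$usersRoot is not reachable (machine off, firewalled, or access denied)."
        return
    }

    # Built-in folders and legacy junctions that do not belong to a person.
    $skip = 'Public', 'Default', 'Default User', 'All Users'

    Get-ChildItem -LiteralPath $usersRoot -Directory -Force |
        Where-Object { $skip -notcontains $_.Name } |
        ForEach-Object {
            # NTUSER.DAT is the user's registry hive (hidden, hence -Force). Its timestamp
            # normally moves when the user's session ends, but other activity can also
            # touch it, so treat it as a hint rather than proof of a logon.
            $hive = Get-Item -LiteralPath (Join-Path $_.FullName 'NTUSER.DAT') `
                        -Force -ErrorAction SilentlyContinue

            # Recently changed files on the desktop and in Documents hint at the
            # department or person using the machine.
            $folders = 'Desktop', 'Documents' |
                ForEach-Object { Join-Path $_ -Path $PSItem } -ErrorAction SilentlyContinue
            $folders = 'Desktop', 'Documents' | ForEach-Object { Join-Path $usersRoot $null } -ErrorAction SilentlyContinue
            $folders = foreach ($name in 'Desktop', 'Documents') { Join-Path $_.FullName $name }
            $recent = Get-ChildItem -Path $folders -File -Recurse -ErrorAction SilentlyContinue |
                Sort-Object LastWriteTime -Descending |
                Select-Object -First $RecentFileCount

            [pscustomobject]@{
                Profile       = $_.Name
                HiveLastWrite = if ($hive) { $hive.LastWriteTime } else { $null }
                RecentFiles   = ($recent | ForEach-Object { $_.Name }) -join '; '
            }
        } |
        Sort-Object HiveLastWrite -Descending
}

# LOSTCOMPUTER is the placeholder name used in the answer above.
Get-RecentProfile -ComputerName 'LOSTCOMPUTER' | Format-Table -AutoSize
```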