If your domain is at a 2008 or later domain functional level, you can use the following attributes:
- msDS-FailedInteractiveLogonCount – The number of failed logon attempts since the last interactive logon setting was enabled
- msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon – The total number of failed interactive logons until the last successful logon
- msDS-LastFailedInteractiveLogonTime – The time when the last failed logon attempt occurred
- msDS-LastSuccessfulInteractiveLogonTime – The time of the last successful logon attempt to a workstation
By default, no information is stored in these attributes, because they are replicated and can cause a large amount of replication traffic in large environments in the morning, when a lot of users are logging in.
To enable these attributes you have to create a GPO and apply it to all of your Domain Controllers. The setting that needs to be enabled in the GPO is:
Computer Configuration | Policies | Administrative Templates | Windows Components | Windows Logon Options | Display information about previous logons during user logon = Enabled
Once the GPO has been configured and each DC has applied the setting, you will need to extend the attributes in Reporter to include these attributes:
- Click Start | All Programs | Quest Software | Quest Management Suite | Reporter | Configure
- Select the Extend Reporter Attributes tab
- Click Add next to Active Directory attributes
- Select User
- Click the box next to each of the following and then click OK:
  - msDS-FailedInteractiveLogonCount
  - msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
  - msDS-LastFailedInteractiveLogonTime
  - msDS-LastSuccessfulInteractiveLogonTime
With the attributes added to Reporter, you can then add them to one of the User reports. For example, make a copy of the General User Information report, right-click the copy and select Properties. Select Attributes and add the new attributes to the report.
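
To confirm that the domain controllers are actually populating the attributes before relying on the report, you can read them directly from Active Directory. The following is an added example, not part of Reporter or the original article; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the helper name ConvertFrom-LogonFileTime and the output column names are made up for this example.

```powershell
# Added example: read the four interactive-logon attributes straight from AD.
# Assumes the ActiveDirectory module (RSAT) and read access to user objects.
Import-Module ActiveDirectory

$attrs = 'msDS-FailedInteractiveLogonCount',
         'msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon',
         'msDS-LastFailedInteractiveLogonTime',
         'msDS-LastSuccessfulInteractiveLogonTime'

# Hypothetical helper: the two time attributes are stored as 64-bit FILETIME
# values. An empty or zero value means nothing has been recorded yet.
function ConvertFrom-LogonFileTime {
    param($Value)
    if ($null -eq $Value -or [int64]$Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc([int64]$Value)
}

# Only users that have logged on interactively since the GPO took effect
# have a value in msDS-LastSuccessfulInteractiveLogonTime.
$users = Get-ADUser -LDAPFilter '(msDS-LastSuccessfulInteractiveLogonTime=*)' -Properties $attrs

$report = foreach ($u in $users) {
    $total     = [int]$u.'msDS-FailedInteractiveLogonCount'
    $atSuccess = [int]$u.'msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon'

    [pscustomobject]@{
        SamAccountName         = $u.SamAccountName
        FailedTotal            = $total
        FailedAtLastSuccess    = $atSuccess
        # Derived from the attribute descriptions above: failures recorded
        # after the most recent successful interactive logon.
        FailedSinceLastSuccess = $total - $atSuccess
        LastFailedUtc          = ConvertFrom-LogonFileTime $u.'msDS-LastFailedInteractiveLogonTime'
        LastSuccessUtc         = ConvertFrom-LogonFileTime $u.'msDS-LastSuccessfulInteractiveLogonTime'
    }
}

if (-not $report) {
    Write-Warning 'No user has the attributes set yet. Check that the GPO has applied to every DC.'
}

# Accounts with failures since their last successful logon sort to the top.
$report | Sort-Object FailedSinceLastSuccess -Descending | Format-Table -AutoSize
```

An empty result right after enabling the GPO is expected until users log on interactively again.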