Tools/Snap-ins for better AD User account management

Does anyone know where I can find snap-in(s) to MMC Active Directory that give me more details on user accounts? I'm looking for login/logout dates & times?

Thank You,
Stephanie

Hmm, no I don't. There are a few forums on the net with resources for those planning to write their own though. If anyone else knows of useful 3rd party snap-ins I'd be interested too

Not snap-ins, but these tools could help:

Shareware:
www.dovestones.com/products/True_Last_Logon.asp
www.hammer-software.com/downloads.shtml#accountaudit

Freeware:
manageengine.adventnet.com/products/ad-m...tory-management.html
www.jijitechnologies.com/product/actived...rectory-reports.html

Login dates and times should be logged on the security log on event viewer of the DC that authenticated the user. In which case, you can use Event Viewer to connect to the DC and view the logs. If you aren't an administrator (or domain admin, in the case of a domain), you'll probably have to edit the DC's security policy to grant different user groups the rights to view audit logs. After you view event viewer, you just have to filter what you want to see.

Unfortunately, I may be wrong because I've actually never looked at the security logs of a DC on a production network that has DCs that ONLY run AD, so I can't say how crazy big the logs can be.

One other helpful feature that you can enable on Active Directory Users and Computers is Advanced Features. You may probably know this, but in case you don't (since I don't want to miss out the chance of revealing this cool feature ), highlight the domain and go to View and click Advanced Features. Now when you look at the properties of a user account at the Object tab, you'll see the date that their user account was created, modified, and the specific location of their account. That's a bit outside the scope of your question, but in an environment with lots of OUs, it'll help to quickly find a user this way.[/i]

Alright, so we are seeking details on user accounts through Active Directory, mainly login/logout times. Many people inquire about this feature, including myself, because it can be very valuable to an administrator.

I have started to really dig down deep into Active Directory to really take advantage of all it has to offer. Another reason I am digging down deep to learn Active Directory is to implement Systems Management Server 2003 (SMS). Now you can do a lot with SMS, and I believe login/logout times is one of features that it provides, but don't quote me on that as I am very new to SMS. You can push Windows Updates to all workstations and servers on the network, so I would think the login/logout information will be provided.

Am I mistaken about this feature in SMS? Has anybody truly implemented SMS to its full potential?


Cheers,

ZiPPy

From what I have read "LimitLogin" does this. "Userlock" also does it. I have not tried either.