A. In Server 2008 domain mode, you access Group Policy settings to enable the last-user logon and any unsuccessful attempts. You can find the setting by opening Computer Configuration, selecting Policies, and clicking Administrative Templates. Next select Windows Components, then Windows Logon Options. Finally, enable the "Display information about previous logons during user logon." You must apply this setting to both domain controllers (DCs) and the client machines you want to display last-logon information.
The first time a user logs on, he or she will see a dialog box stating that it’s the first time the user has interactively logged on to the account. On subsequent logons more information is displayed.
The actual logon information is stored with the user object. The values are
- msDS-LastSuccessfulInteractiveLogonTime - The last successful interactive logon
- msDS-LastFailedInteractiveLogonTime - The last failed interactive logon
- msDS-FailedInteractiveLogonCount - The total number of failed interactive logons recorded since the time logon logging was enabled
- msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon - The total number of failed interactive logons recorded since the last successful interactive logon