如何通过 Active Directory 检索计算机的
lastLogonAttribute Editor下面是测试程序,我在尝试获取它之前尝试了 pADs->GetInfo(),它没有帮助,而且还导致了巨大的延迟,因为它试图连接所有不再存在或已关闭的计算机关闭。
#include <windows.h>
#include <activeds.h>
#include <comdef.h>
#include <iostream>
#pragma comment(lib, "Activeds.lib")
#pragma comment(lib, "ADSIid.Lib")
int main() {
HRESULT hr = CoInitialize(NULL);
if (FAILED(hr)) {
std::cout << "Failed to initialize COM library." << std::endl;
return 1;
}
IADsContainer* pContainer = NULL;
hr = ADsOpenObject(L"WinNT://mydomain", NULL, NULL, ADS_SECURE_AUTHENTICATION, IID_IADsContainer, (void**)&pContainer);
if (FAILED(hr)) {
std::cout << "Failed to bind to Active Directory." << std::endl;
CoUninitialize();
return 1;
}
IEnumVARIANT* pEnum = NULL;
hr = ADsBuildEnumerator(pContainer, &pEnum);
if (FAILED(hr)) {
std::cout << "Failed to get enumerator." << std::endl;
pContainer->Release();
CoUninitialize();
return 1;
}
VARIANT var;
ULONG lFetch;
IDispatch* pDispatch = NULL;
IADs* pADs = NULL;
BSTR bstrClass;
while (S_OK == ADsEnumerateNext(pEnum, 1, &var, &lFetch)) {
pDispatch = V_DISPATCH(&var);
hr = pDispatch->QueryInterface(IID_IADs, (void**)&pADs);
if (SUCCEEDED(hr)) {
hr = pADs->get_Class(&bstrClass);
if (SUCCEEDED(hr)) {
if (_wcsicmp(bstrClass, L"computer") == 0) {
CComVariant vardate;
hr = pADs->Get(CComBSTR(L"lastLogon"), &vardate);
if (SUCCEEDED(hr)) {
// *********** NEVER GET HERE **************
}
BSTR bstrName;
hr = pADs->get_Name(&bstrName);
if (SUCCEEDED(hr)) {
std::wcout << L"Computer: " << bstrName << std::endl;
SysFreeString(bstrName);
}
}
SysFreeString(bstrClass);
}
pADs->Release();
}
VariantClear(&var);
}
ADsFreeEnumerator(pEnum);
pContainer->Release();
CoUninitialize();
return 0;
}
LastLogonTimeStamp 是可以使用的复制版本。该属性被复制到同一域中的其他 DC。
后一个字段的缺点是该字段可能反映由另一个名为 ms-DS-Loedgon-Time-Sync-Interval 的属性控制的天数,默认值为 14 天。
参考:
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/ 396204