There is a lastLogoff user attribute you could use but it does not get used.
You can check for the last logon using a script though. If you are using
Windows 2000, you must query every DC in the domain for a users lastLogon
attribute using something like ADSI. For Windows 2003 it's much easier, you
can query just one DC in the domain for the lastLogonTimestamp attribute
using the same method. The lastLogonTimestamp only gets updated every
fortnight by default so if a user logs on multiple times in a two week
period the attribute will not capture that. This two week period can be
changed but will increase your replication traffic.
For the actual ADSI syntax used to perform this, you might be better asking
in the ADSI newsgroup. You can however get the same information using any AD
query tool like ldifde, ldp etc. Auditing and the security event logs could
also be used.
