PowerShell: Script for getting LastLogonDate of an AD User


This article describes how to find a user's exact last login date, in order to clean up stale accounts in Active Directory.

First of all, we need to determine which attribute holds a user's last login date in Active Directory.

The article posted by Christopher Ream helped me understand this topic: http://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

So the attribute that records the exact last logon is LastLogon (LastLogonDate, which looks more convenient, is just LastLogonTimestamp converted to a date, and that value lags behind by days; see below). To list all attributes whose name contains "logon", use this cmdlet in PowerShell (rudenco is the sample user):

Get-ADUser -Identity rudenco -Properties * | select *logon* 

Below is the result after running it:

BadLogonCount          : 0
LastLogon              : 131184859880820168
LastLogonDate          : 08-Sep-16 12:05:52 AM
LastLogonTimestamp     : 131177559529274104
LogonCount             : 2051
LogonWorkstations      :
MNSLogonAccount        : False
SmartcardLogonRequired : False

The attribute was found, but its value is not a readable date: it is a Windows FILETIME, the number of 100-nanosecond intervals since 1 January 1601 (UTC). After searching on the internet, I found the command that converts this number to a date (shown in local time):

[datetime]::FromFileTime(131184859880820168) 

Result:

Friday, September 16, 2016 10:53:08 AM

We have the correct attribute and can convert it to a date, but there is one more catch: LastLogon is not replicated between Domain Controllers. Each DC only records the logons it authenticated itself, so to get a user's real last login you must read the value from every DC in the domain and keep the most recent one. (A FILETIME is stored in UTC, so values read from different DCs compare directly whatever time zone each DC is in.) The replicated attribute, LastLogonTimestamp, which LastLogonDate is derived from, is only rewritten when the stored value is more than 9 to 14 days old, so it is good enough for spotting accounts idle for months but not for an exact date.

This can be accomplished by looping through all DCs and reading the value for all users, or for a subset of users, depending on how the OUs in your domain are organized. The script below gets information for all users from all Domain Controllers. To list all Domain Controllers and loop through them, use this code:

Get-ADDomainController -Filter * | select name | foreach-object {
  "'$($_.name)'"
}

Now combine this with the Get-ADUser command so that LastLogon is read from each Domain Controller in turn. The important part is -Server: without it every iteration queries the same default DC, and you simply get the same list repeated once per DC name.

#$iter = 0
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
foreach($dc in $dcs) {
  $dc
  # -Server sends the query to this DC, so lastlogon is that DC's own (unreplicated) value
  Get-ADUser -Server $dc -Filter {name -like "*"} -Properties samaccountname, name, lastlogon |
  select samaccountname, name, lastlogon
  # $iter++; if($iter -eq 2) {break}
}

If you want a stopper just to test the script on your PC (if you are new to PowerShell), uncomment the two lines containing $iter (remove the "#" character); the loop then stops after the second DC.

The results are shown in the PowerShell console (in this case PowerShell_ise.exe). To save them to a .CSV file that you can open later in Excel, replace the line `select samaccountname, name, lastlogon` with the one below. -Append (PowerShell 3.0 or later) is required because Export-Csv runs once per DC and would otherwise overwrite the file on every iteration, leaving only the last DC's data:

select samaccountname, name, lastlogon | Export-Csv -Path "c:\temp\UserLogins.csv" -Append -NoTypeInformation

The last step is to convert LastLogon into a readable date, which can be done in the same select with a calculated property. A lastlogon of 0 or empty means the user never logged on via that DC; converting it would give 1 January 1601, so it is left blank instead. A DC column is also added so you can see which DC each row came from. The complete script:

#$iter = 0
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
foreach($dc in $dcs) {
  $dc
  Get-ADUser -Server $dc -Filter {name -like "*"} -Properties samaccountname, name, lastlogon |
  select samaccountname, name,
         @{Name="DC";Expression={ $dc }},
         @{Name="LastLogonDate";Expression={ if ($_.lastlogon) { [datetime]::FromFileTime($_.lastlogon) } }} |
  Export-Csv -Path "c:\temp\UserLogins.csv" -Append -NoTypeInformation
  # $iter++; if($iter -eq 2) {break}
}

The generated .CSV file can then be opened in Excel, where you can filter by user or between dates and sort the rows. There is one row per user per DC, so sort by samaccountname and LastLogonDate and keep the newest row for each user; that row is the user's real last login.

You can also add other user attributes, such as Surname, GivenName, Description, Country and DistinguishedName, to the select. Description and Country must also be listed under -Properties; Surname, GivenName and DistinguishedName are returned by default.
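The script above leaves the "newest value per user" step to Excel. As an added example that is not part of the original article, the following PowerShell script does that step itself: it queries every DC with -Server, keeps the most recent lastLogon per user, treats a missing or zero value as "never logged on", and flags accounts idle for longer than a threshold. The threshold ($StaleDays = 90), the output path and the decision to look only at enabled users are assumptions made for the example; it requires the ActiveDirectory module from RSAT and an account that can read every DC.

```powershell
# Added example (not the article's own script): read lastLogon from every DC,
# keep the newest value per user, and flag stale accounts.
# Assumptions: ActiveDirectory module (RSAT) installed, read access to all DCs,
# and $StaleDays / $OutFile are site-specific choices.
Import-Module ActiveDirectory

$StaleDays = 90
$OutFile   = 'C:\temp\StaleUsers.csv'
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

$latest = @{}   # samAccountName -> newest record seen so far across all DCs

foreach ($dc in Get-ADDomainController -Filter *) {
    Write-Verbose "Querying $($dc.HostName)" -Verbose
    $query = @{
        Server     = $dc.HostName          # this is what reads the DC's own, unreplicated lastLogon
        Filter     = 'Enabled -eq $true'
        Properties = 'lastLogon', 'lastLogonTimestamp', 'whenCreated', 'Description'
    }
    try {
        $users = Get-ADUser @query
    } catch {
        # An unreachable DC must not silently shrink the result set: its logons are unseen.
        Write-Warning "Could not query $($dc.HostName): $_"
        continue
    }

    foreach ($u in $users) {
        $raw  = [int64]$u.lastLogon          # $null becomes 0 = never logged on via this DC
        $prev = $latest[$u.SamAccountName]
        if ($null -eq $prev -or $raw -gt $prev.LastLogonRaw) {
            # FILETIME 0 would convert to 1 January 1601, so keep the date empty instead
            $lastLogon = if ($raw -gt 0) { [datetime]::FromFileTime($raw) } else { $null }
            $lltsRaw   = [int64]$u.lastLogonTimestamp
            $llts      = if ($lltsRaw -gt 0) { [datetime]::FromFileTime($lltsRaw) } else { $null }
            $latest[$u.SamAccountName] = [pscustomobject]@{
                SamAccountName     = $u.SamAccountName
                Name               = $u.Name
                Description        = $u.Description
                WhenCreated        = $u.whenCreated
                LastLogonRaw       = $raw
                LastLogon          = $lastLogon      # exact, from the DC named in LastLogonDC
                LastLogonDC        = $dc.HostName
                LastLogonTimestamp = $llts           # replicated value, up to ~14 days behind
            }
        }
    }
}

$report = foreach ($r in $latest.Values) {
    # Stale = last logon on any DC before the cutoff, or never logged on anywhere
    # and created before the cutoff (a brand-new account is not stale yet).
    $never = ($r.LastLogonRaw -eq 0)
    $stale = if ($never) { $r.WhenCreated -lt $Cutoff } else { $r.LastLogon -lt $Cutoff }
    $r | Add-Member -NotePropertyName NeverLoggedOn -NotePropertyValue $never -PassThru |
         Add-Member -NotePropertyName Stale         -NotePropertyValue $stale -PassThru
}

$report | Sort-Object LastLogonRaw | Export-Csv -Path $OutFile -NoTypeInformation
$report | Where-Object Stale |
    Select-Object SamAccountName, LastLogon, LastLogonDC, NeverLoggedOn |
    Sort-Object LastLogon | Format-Table -AutoSize
```

The warning on an unreachable DC is deliberate rather than a silent skip: a DC you could not query is a DC whose logons you have not seen, so an account may look stale in that run only because of the outage, and the CSV should not be used for cleanup until every DC has answered.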