AD Users LastLogon

PowerShell

Edit|Remove
powershell
<# =========================================================================================== PURPOSE: AD User LastLogon List AUTHOR: Axel Limousin VERSION: 2.0 DATE: 03/19/2013 SYNTAX: Get-ADUserLastLogon -User <ADUSerObject> Get-ADUserLastLogon -User <ADUSerObject> -Site { <SiteName> | * } -Since <Days> THANKS: Mohamed Garrana, David Hoelzer, Sean Metcalf, Shay Levy, WinPS Tip of the Week =========================================================================================== #> function List-ADUserLastLogon { param ( [Parameter(ValueFromPipeline = $false, Mandatory = $true)] [Alias("User")] [Microsoft.ActiveDirectory.Management.ADUser] $LogonUser, [Parameter(ValueFromPipeline = $false, Mandatory = $true)] [Alias("DT")] [DateTime] $LastLogonDT, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("DC")] [String] $LogonDC, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Site")] [String] $LogonSite, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Since")] [Int] $LogonSince ) if ($LastLogonDT -ne "01/01/0001 00:00:00") { $LogonDate = Get-Date $LastLogonDT -Format d $LogonTime = Get-Date $LastLogonDT -Format T } else { $LogonDate = "Never logged in" $LogonTime = "Never logged in" } if ($LogonSince) { $Since = [DateTime]::Today.AddDays(-$LogonSince) if ($LastLogonDT -ge $Since) { $CsvUser = New-Object psobject $CsvUser | Add-Member NoteProperty SamAccountName ($LogonUser.SamAccountName) $CsvUser | Add-Member NoteProperty DistinguishedName ($LogonUser.DistinguishedName) $CsvUser | Add-Member NoteProperty LastLogonDate ($LogonDate) $CsvUser | Add-Member NoteProperty LastLogonTime ($LogonTime) $CsvUser | Add-Member NoteProperty LogonDC ($LogonDC) $CsvUser | Add-Member NoteProperty LogonSite ($LogonSite) } } else { $CsvUser = New-Object psobject $CsvUser | Add-Member NoteProperty SamAccountName ($LogonUser.SamAccountName) $CsvUser | Add-Member NoteProperty DistinguishedName ($LogonUser.DistinguishedName) $CsvUser | Add-Member NoteProperty LastLogonDate ($LogonDate) $CsvUser | Add-Member NoteProperty LastLogonTime ($LogonTime) $CsvUser | Add-Member NoteProperty LogonDC ($LogonDC) $CsvUser | Add-Member NoteProperty LogonSite ($LogonSite) } Write-Output $CsvUser } function Get-ADUserLastLogon { param ( [Parameter(ValueFromPipeline = $true, Mandatory = $true)] [Alias("User")] [Microsoft.ActiveDirectory.Management.ADUser] $ADUser, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Site")] [String] $LogonSite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Since")] [Int] $LogonSince ) if ($LogonSite -eq "*") { $DCs = Get-ADDomainController -Filter {Name -like "*"} } else { $DCs = Get-ADDomainController -Filter {Site -eq "$LogonSite"} } $LastLogonDT = 0 foreach($DC in $DCs) { $LogonDC = $DC.HostName $LogonUser = Get-ADUser $ADUser.DistinguishedName -Server $DC.HostName -Properties LastLogonDate if ($LogonUser.LastLogonDate -gt $LastLogonDT) { $LastLogonDT = $LogonUser.LastLogonDate $LogonDC = $DC.HostName $LogonSite = (Get-ADDomainController $DC.HostName).Site } } List-ADUserLastLogon -User $LogonUser -DT $LastLogonDT -DC $LogonDC -Site $LogonSite -Since $LogonSince }

<# =========================================================================================== PURPOSE: AD User LastLogon List AUTHOR: Axel Limousin VERSION: 2.0 DATE: 03/19/2013 SYNTAX: Get-ADUserLastLogon -User <ADUSerObject> Get-ADUserLastLogon -User <ADUSerObject> -Site { <SiteName> | * } -Since <Days> THANKS: Mohamed Garrana, David Hoelzer, Sean Metcalf, Shay Levy, WinPS Tip of the Week =========================================================================================== #> function List-ADUserLastLogon { param ( [Parameter(ValueFromPipeline = $false, Mandatory = $true)] [Alias("User")] [Microsoft.ActiveDirectory.Management.ADUser] $LogonUser, [Parameter(ValueFromPipeline = $false, Mandatory = $true)] [Alias("DT")] [DateTime] $LastLogonDT, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("DC")] [String] $LogonDC, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Site")] [String] $LogonSite, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Since")] [Int] $LogonSince ) if ($LastLogonDT -ne "01/01/0001 00:00:00") { $LogonDate = Get-Date $LastLogonDT -Format d $LogonTime = Get-Date $LastLogonDT -Format T } else { $LogonDate = "Never logged in" $LogonTime = "Never logged in" } if ($LogonSince) { $Since = [DateTime]::Today.AddDays(-$LogonSince) if ($LastLogonDT -ge $Since) { $CsvUser = New-Object psobject $CsvUser | Add-Member NoteProperty SamAccountName ($LogonUser.SamAccountName) $CsvUser | Add-Member NoteProperty DistinguishedName ($LogonUser.DistinguishedName) $CsvUser | Add-Member NoteProperty LastLogonDate ($LogonDate) $CsvUser | Add-Member NoteProperty LastLogonTime ($LogonTime) $CsvUser | Add-Member NoteProperty LogonDC ($LogonDC) $CsvUser | Add-Member NoteProperty LogonSite ($LogonSite) } } else { $CsvUser = New-Object psobject $CsvUser | Add-Member NoteProperty SamAccountName ($LogonUser.SamAccountName) $CsvUser | Add-Member NoteProperty DistinguishedName ($LogonUser.DistinguishedName) $CsvUser | Add-Member NoteProperty LastLogonDate ($LogonDate) $CsvUser | Add-Member NoteProperty LastLogonTime ($LogonTime) $CsvUser | Add-Member NoteProperty LogonDC ($LogonDC) $CsvUser | Add-Member NoteProperty LogonSite ($LogonSite) } Write-Output $CsvUser } function Get-ADUserLastLogon { param ( [Parameter(ValueFromPipeline = $true, Mandatory = $true)] [Alias("User")] [Microsoft.ActiveDirectory.Management.ADUser] $ADUser, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Site")] [String] $LogonSite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name, [Parameter(ValueFromPipeline = $false, Mandatory = $false)] [Alias("Since")] [Int] $LogonSince ) if ($LogonSite -eq "*") { $DCs = Get-ADDomainController -Filter {Name -like "*"} } else { $DCs = Get-ADDomainController -Filter {Site -eq "$LogonSite"} } $LastLogonDT = 0 foreach($DC in $DCs) { $LogonDC = $DC.HostName $LogonUser = Get-ADUser $ADUser.DistinguishedName -Server $DC.HostName -Properties LastLogonDate if ($LogonUser.LastLogonDate -gt $LastLogonDT) { $LastLogonDT = $LogonUser.LastLogonDate $LogonDC = $DC.HostName $LogonSite = (Get-ADDomainController $DC.HostName).Site } } List-ADUserLastLogon -User $LogonUser -DT $LastLogonDT -DC $LogonDC -Site $LogonSite -Since $LogonSince }

List AD Users LastLogon : display or export to .csv

Syntax: Get-ADUserLastLogon -User <ADUSerObject> -Site { <SiteName> | * } -Since <Days>

Examples:
1. Display LastLogon Date of all Users which account is stored in MyOU, working on MySite and who logged in past 30 days :
Get-ADUser -Filter {Name -like "*"} -SearchBase "OU=MyOU,DC=MyDom,DC=MyRoot" -SearchScope "Subtree" -ResultPageSize 10 -ResultSetSize $null
| ForEach-Object { Get-ADUserLastLogon -User $_ -Site "MySite" -Since 30 }
| Sort -Property LastLogonDate
| Format-Table -Property SamAccountName, LastLogonDate, LogonSite, LogonDC, DistinguishedName -AutoSize

2. Display LastLogon Date and Time of all Users which account is stored in MyDom, working on current Site, whenever they already logged or not:
Get-ADUser -Filter {Name -like "*"} -SearchBase "DC=MyDom,DC=MyRoot" -SearchScope "Subtree" -ResultPageSize 10 -ResultSetSize $null
| ForEach-Object { Get-ADUserLastLogon -User $_ }
| Sort -Property LastLogonDate
| Format-Table -Property SamAccountName, LastLogonDate, LastLogonTime, LogonSite, LogonDC, DistinguishedName -AutoSize

3. Export to CSV LastLogon Date and Time of all Users which account is stored in MyCN, working on all Sites(*), whenever they already logged or not:
Get-ADUser -Filter {Name -like "*"} -SearchBase "CN=MyCN,DC=MyDom,DC=MyRoot" -SearchScope "OneLevel" -ResultPageSize 10 -ResultSetSize $null
| ForEach-Object { Get-ADUserLastLogon -User $_ -Site "*" }
| Export-Csv $env:USERPROFILE\Desktop\UsersLastLogon.csv -NoTypeInformation
(*) Be sure to be able to connect all Sites, be aware that digging all DC from all Sites can be time, memory and CPU consuming.

For each user from LDAP path you provide, this script checks all Domain Controllers from one Site or all Sites, keeps only the most recent LastLogon Date and Time, displays or outputs results into CSV file. Results can be filtered specifying number of last days within you want check LastLogon.

Pour chaque utilisateur présent dans le conteneur AD dont vous indiquez le chemin (DN), le script interroge tous les Contrôleurs de Domaine d'un Site ou de tous les Sites. Il relève les Date et Heure de la plus récente connexion et permet de les afficher ou de les exporter au format CSV. On peut spécifier le nombre de jours maximum à remonter dans le passé pour filtrer les résultats : par ex., afficher les LastLogon des 6 derniers mois (180 jours).