Active Directory User Accounts without Activity


This topic contains 12 replies, has 5 voices, and was last updated by Ron (Participant) 9 months, 2 weeks ago.

  • #92197

    Participant
    Points: 0
    Rank: Member

    Greetings All community members!
    How can I create a PowerShell script that checks Active Directory User Accounts that have not logged in for more than several months?
    I have a text file with the user accounts to check for (one account per row of the text file or comma delimited), and I'd like to use that list as an input file, then check AD to see if the account has not logged in for a certain number of months (perhaps prompt how many months to test for, or use a fixed period, say 2 months is ok). Then output positive results to an xml or text file.
    Is that too complicated to do in PowerShell?

    Thank you a lot for providing a good script to perform such a task.
    Cheers!
    SM

  • #92200

    Participant
    Points: 154
    Helping Hand
    Rank: Participant

    That's not a free script shop here. It's a peer to peer forum where IT professionals help each other with scripts they wrote by themselves.

    Regardless of that – what you've just asked for has been asked thousands of times here and in all other PowerShell related forums. Show a little effort and search for it. You will find something that's adaptable to your needs.

    • #92210

      Participant
      Points: 0
      Rank: Member

      Soyk,
      Prior to putting this question in the forum, I did my own testing and research; did not work whatsoever, is very evident.
      Yet I do not need you to tell me what this forum is for or what can or cannot be done. Keep your comments to yourself and if you did not like the question; Do not participate! that is if you will come up with that kind of crap you wrote.
      Perhaps you should create your own forum and set your own rules there; this forum is not solely for the purpose your own subjective opinion describes. Cut it short and stay away from my posts.

    • #92213

      Participant
      Points: 154
      Helping Hand
      Rank: Participant

      .... Prior to putting this question in the forum, I did my own testing and research ....

      You did not say that – how should we know that – nor did you show any of your code.

      .... did not work whatsoever, is very evident. ...

      What exactly did not work? Did you get errors? Along with the code you wrote you could have posted the errors you had.

      .... Keep your comments to yourself and if you did not like the question; Do not participate! ...

      Sorry. It's a free world. And I'm allowed to say my opinion just like you are. If you don't like others to comment about what you do you might stay out of the internet. If I sounded rude to you I apologize – that was not my intention. As you probably know, a lot of us trying to help here and in other forums have another native language than English and some things might get lost in translation. So I'd like to ask for a little bit of composure and indulgence.

      ... Cut it short and stay away from my posts. ...

      😉 No no ... never ... 😀
      Have a nice day.
      Olaf

  • #92204

    Participant
    Points: 14
    Rank: Member

    There are multiple examples of how to do this online.

    However, make sure you understand what you are checking against, as lastlogondate isn't a truly accurate indicator once you have more than 1 domain controller.

    • #92212

      Participant
      Points: 0
      Rank: Member

      David,
      Thank You for your positive advice.
      Cheers!

  • #92240
    Ron

    Participant
    Points: 0
    Rank: Member

    It's all about knowing the right search keywords.

    https://goo.gl/6FgyVC

    Try adapting one of those examples for your own needs, and if it still does not work, post your attempt here and people will be happy to give you pointers.

    Even Olaf. 🙂

    • #92308

      Participant
      Points: 0
      Rank: Member

      Olaf, that is a Great reference. I saw samples there that truly helped me out. Thank You. Best Regards.

  • #92347

    Inactive
    Points: 0
    Rank: Member

    You can try this script:

    # Users whose replicated lastLogonTimestamp is more than 90 days old
    Get-ADUser -Filter * -SearchScope Subtree -SearchBase "dc=tda,dc=internal" -Properties DisplayName, lastLogonTimestamp |
        Where-Object { ((Get-Date) - [datetime]::FromFileTime($_.lastLogonTimestamp)).TotalDays -gt 90 } |
        Select-Object DisplayName, SamAccountName, UserPrincipalName,
            @{ Label = "Last logon time stamp"; Expression = { [datetime]::FromFileTime($_.lastLogonTimestamp) } } |
        Export-Csv "users_not_logged_longer_than_90_days.csv" -NoTypeInformation -Delimiter ";"

    Here are a few links for your reference:
    https://gallery.technet.microsoft.com/Active-Directory-Inactive-1527271c

    http://www.out-null.eu/2014/04/17/howto-find-all-users-in-active-directory-who-havent-logged-in-longer-than-90-days/
    https://www.lepide.com/how-to/track-last-logon-date-and-time-for-active-directory-users.html

    • #92461

      Participant
      Points: 0
      Rank: Member

      Edwin,
      Thank you for the PS query. A nice one-liner. I'm testing it.
      P.s.
      Is the property name (lastlogon) changed to "LastLogonDate" in PS version 5?
      VR,
      PowerHitter

  • #92362
    Ron

    Participant
    Points: 0
    Rank: Member

    Be wary of lastlogontimestamp for anything critical. It is not immediately updated, it can be delayed by days depending on the AD configuration. It can also be updated by things other than interactive logons causing a false report of activity. There's no substitute for polling all of the domain controllers for lastlogon if you want an accurate and immediate picture of activity. It is much more time consuming, and if you need to do it often there are asynchronous approaches to speed things up.

    Here's an example from a domain I work with, it has 6 DCs.

    lastlogon             lastlogontimestamp
    ---------             ------------------
    1/27/2018 9:40:00 AM  1/18/2018 2:15:28 PM
    1/27/2018 9:08:02 AM  1/18/2018 2:15:28 PM
    1/26/2018 9:58:37 PM  1/18/2018 2:15:28 PM
    1/26/2018 2:13:56 PM  1/18/2018 2:15:28 PM
    6/23/2017 1:54:51 PM  1/18/2018 2:15:28 PM
    10/23/2013 9:55:44 PM 1/18/2018 2:15:28 PM
    • #92458

      Participant
      Points: 0
      Rank: Member

      Ron,
      Thanks for the observation. Also, is the property name (lastlogon) changed to "LastLogonDate" in PS version 5?
      VR,
      PowerHitter

    • #92519
      Ron

      Participant
      Points: 0
      Rank: Member

      LastLogonDate is the human readable (local time) value returned by the AD cmdlets. LastLogon will be a UTC 64bit int that you need to convert if you want it in a specific format/time zone.
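
The two points above (polling every domain controller for lastLogon, and converting the raw 64-bit value) combined into one script for the original question. This is an added example, not code posted by anyone in the thread; the input file `.\accounts.txt`, the output file name and the 2-month threshold are assumptions.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory (RSAT) module.
# Assumptions: .\accounts.txt holds one sAMAccountName per line; output path is arbitrary.
Import-Module ActiveDirectory

$Months   = 2
$Cutoff   = (Get-Date).ToUniversalTime().AddMonths(-$Months)
$Accounts = Get-Content -Path '.\accounts.txt' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$DCs      = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)

$Report = foreach ($Account in $Accounts) {
    $Newest   = [long]0   # highest non-replicated lastLogon (FILETIME) seen on any DC
    $Stamp    = [long]0   # replicated lastLogonTimestamp, kept for comparison
    $Answered = 0
    foreach ($DC in $DCs) {
        try {
            $User = Get-ADUser -Identity $Account -Server $DC -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
            $Answered++
            if ($User.lastLogon -gt $Newest) { $Newest = $User.lastLogon }
            if ($User.lastLogonTimestamp -gt $Stamp) { $Stamp = $User.lastLogonTimestamp }
        }
        catch {
            # Unreachable DC or unknown account: warn, never silently count it as "inactive".
            Write-Warning "$Account on ${DC}: $($_.Exception.Message)"
        }
    }
    if ($Answered -eq 0) { continue }   # no DC returned the account; nothing to report

    # 0 means no DC has ever recorded a logon; otherwise convert the UTC FILETIME.
    $LastLogonUtc = if ($Newest -gt 0) { [datetime]::FromFileTimeUtc($Newest) } else { $null }
    $StampUtc     = if ($Stamp  -gt 0) { [datetime]::FromFileTimeUtc($Stamp) }  else { $null }

    if ($null -eq $LastLogonUtc -or $LastLogonUtc -lt $Cutoff) {
        [pscustomobject]@{
            SamAccountName        = $Account
            LastLogonUtc          = $LastLogonUtc
            LastLogonTimestampUtc = $StampUtc
            DCsAnswered           = '{0}/{1}' -f $Answered, $DCs.Count
        }
    }
}

$Report | Export-Csv -Path '.\inactive_accounts.csv' -NoTypeInformation
```

A row where DCsAnswered is lower than the total number of DCs is only a partial answer and should be re-checked before the account is disabled or removed. The LastLogonDate property of the AD cmdlets is the DateTime form of the replicated lastLogonTimestamp, so it carries the same replication delay.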

The topic ‘Active Directory User Accounts without Activity’ is closed to new replies.