Add last login time to script help

This topic contains 2 replies, has 3 voices, and was last updated by Robert Derickson 2 years, 5 months ago.

  • #25340

    Jake Sully
    Participant

    Howdy
    I am trying to figure out how I can query for the last login time to each server I run this script against. I don't need the last login time to the domain, only the last login time for the "local accounts" on the server the account exists on.

    Can anyone assist? I know the data is in the SAM DB on each system.

    I found a string that is supposed to pull this info, but I am unsure of where to add it into this script.

    LastLogin = $(([ADSI]"WinNT://$($computername)/$($name)").lastlogin)

    #>

    Param
    (
        [Parameter(Position=0,Mandatory=$false)]
        [ValidateNotNullorEmpty()]
        [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
        [Parameter(Position=1,Mandatory=$false)]
        [Alias('un')][String[]]$AccountName,
        [Parameter(Position=2,Mandatory=$false)]
        [Alias('cred')][System.Management.Automation.PsCredential]$Credential
    )

    # Collects one object per local account across all computers
    $Obj = @()

    Foreach($Computer in $ComputerName)
    {
        # Query only local (non-domain) accounts, with alternate credentials if supplied
        If($Credential)
        {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
                -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
        }
        else
        {
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
                -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
        }

        Foreach($LocalAccount in $AllLocalAccounts)
        {
            $Object = New-Object -TypeName PSObject

            $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
            $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
            $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
            $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
            $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
            $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
            $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
            $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
            $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
            $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
            $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description

            $Obj+=$Object
        }
    }

    # Emit results once, after every computer has been queried; inside the
    # computer loop the accumulated $Obj would be output again for each computer
    If($AccountName)
    {
        Foreach($Account in $AccountName)
        {
            $Obj|Where-Object{$_.Name -like "$Account"}
        }
    }
    else
    {
        $Obj
    }

  • #25342

    Daniel Krebs
    Moderator

    Unfortunately the last login time is not stored in the SAM DB in recent OS versions. It would be better to rely on the "LastUseTime" of the Win32_UserProfile class. Filter for the SID to get the correct information.

    Get-CimInstance -ClassName Win32_UserProfile
    
    . . .
    LastUseTime                      : 18/05/2015 07:31:37
    . . 
    LocalPath                        : C:\Users\daniel
    . . .
    SID                              : S-1-5-21-123456790-1234567890-1234567890-1001
    . . .
    
  • #25362

    Robert Derickson
    Participant

    It looks like you want to add your lastlogon logic to the Foreach($LocalAccount in $AllLocalAccounts) loop. Then use Add-Member to add your $LastLogon variable as a property of your object.
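
The two replies above combined, as an added example that is not part of the original thread: each local account's Win32_UserProfile is looked up by SID inside the account loop and its LastUseTime is attached with Add-Member. The function name Get-LocalAccountLastUse and the "Computer" and "Last Use Time" property names are assumptions; it uses Get-CimInstance throughout and omits the -Credential parameter of the original script.

```powershell
# Added example, not the original poster's script.
# Get-LocalAccountLastUse is a hypothetical function name.
function Get-LocalAccountLastUse {
    [CmdletBinding()]
    param(
        [Alias('cn')][string[]]$ComputerName = $env:COMPUTERNAME
    )

    foreach ($Computer in $ComputerName) {
        # Query the local machine directly; pass -ComputerName only for remote hosts.
        $Target = @{}
        if ($Computer -ne $env:COMPUTERNAME) { $Target.ComputerName = $Computer }

        # Index every profile on the machine by SID so each account is
        # matched with a single hashtable lookup instead of one query per account.
        $ProfileBySid = @{}
        Get-CimInstance -ClassName Win32_UserProfile @Target -ErrorAction Stop |
            ForEach-Object { $ProfileBySid[$_.SID] = $_ }

        $AllLocalAccounts = Get-CimInstance -ClassName Win32_UserAccount `
            -Filter "LocalAccount=True" @Target -ErrorAction Stop

        foreach ($LocalAccount in $AllLocalAccounts) {
            # An account with no profile on this machine has no
            # Win32_UserProfile instance, so its LastUseTime stays $null.
            $LastUse = $null
            $UserProfile = $ProfileBySid[$LocalAccount.SID]
            if ($UserProfile) { $LastUse = $UserProfile.LastUseTime }

            $Object = New-Object -TypeName PSObject
            $Object | Add-Member -MemberType NoteProperty -Name "Computer" -Value $Computer
            $Object | Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
            $Object | Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
            $Object | Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
            $Object | Add-Member -MemberType NoteProperty -Name "Last Use Time" -Value $LastUse

            # Emit each object as soon as it is built.
            $Object
        }
    }
}
```

With -ComputerName, Get-CimInstance connects over WS-Management (WinRM) rather than the DCOM transport Get-WmiObject uses, so the target servers need WinRM reachable.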
