Find Last Domain Login Location via username

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Tim Pringle Tim Pringle 1 year, 10 months ago.

  • Author
    Posts
  • #22256
    Profile photo of Jared Derby
    Jared Derby
    Participant

    I'm looking for some assistance in finding, where a service account last logged into a member server.

    Thanks

  • #22259
    Profile photo of Will Anderson
    Will Anderson
    Keymaster

    As far as I know, there's no real direct way to do this. Every script example I've seen grabs a list of computers from AD, and then queries the computers for the last logged on user. You might consider running a script against a domain controller's security logs for a corresponding logon event. I'm away from my lab right now, but I'll see if I can whip something up. If you don't have access to a DC though, you might have to go the long way around with querying the machines.

  • #22260
    Profile photo of Tim Pringle
    Tim Pringle
    Participant

    If you end up needing to query locally, it sounds like something that a PowerShell Workflow is good for.

    
    workflow Get-LastLogonDate
    {
        Param
        (
    
            [string[]] $ComputerName
    
        )
    
        foreach -parallel ($computer in $ComputerName)
        {
            $result = Get-WmiObject -Class Win32_NetworkLoginProfile -PSComputerName $computer |
            Where-Object -Property Caption -EQ -Value 'usernamehere' |
            Select-Object -ExpandProperty LastLogon
            "$env:computername,$result"
        }
    } 
    

    To use, set the value of the Caption property accordingly, and ensure $computers is an array with the list of servers to be scanned.

    Get-LastLogonDate -ComputerName $computers
    

You must be logged in to reply to this topic.