Author Posts

January 29, 2015 at 8:16 am

I'm looking for some assistance in finding, where a service account last logged into a member server.

Thanks

January 29, 2015 at 8:49 am

As far as I know, there's no real direct way to do this. Every script example I've seen grabs a list of computers from AD, and then queries the computers for the last logged on user. You might consider running a script against a domain controller's security logs for a corresponding logon event. I'm away from my lab right now, but I'll see if I can whip something up. If you don't have access to a DC though, you might have to go the long way around with querying the machines.

January 29, 2015 at 9:40 am

If you end up needing to query locally, it sounds like something that a PowerShell Workflow is good for.


workflow Get-LastLogonDate
{
    Param
    (

        [string[]] $ComputerName

    )

    foreach -parallel ($computer in $ComputerName)
    {
        $result = Get-WmiObject -Class Win32_NetworkLoginProfile -PSComputerName $computer |
        Where-Object -Property Caption -EQ -Value 'usernamehere' |
        Select-Object -ExpandProperty LastLogon
        "$env:computername,$result"
    }
} 

To use, set the value of the Caption property accordingly, and ensure $computers is an array with the list of servers to be scanned.

Get-LastLogonDate -ComputerName $computers