Find Last Domain Login Location via username

Welcome Forums General PowerShell Q&A Find Last Domain Login Location via username

This topic contains 2 replies, has 3 voices, and was last updated by

4 years, 1 month ago.

  • Author
  • #22256

    Points: 0
    Rank: Member

    I'm looking for some assistance in finding, where a service account last logged into a member server.


  • #22259

    Points: 133
    Team Member
    Rank: Participant

    As far as I know, there's no real direct way to do this. Every script example I've seen grabs a list of computers from AD, and then queries the computers for the last logged on user. You might consider running a script against a domain controller's security logs for a corresponding logon event. I'm away from my lab right now, but I'll see if I can whip something up. If you don't have access to a DC though, you might have to go the long way around with querying the machines.

  • #22260

    Points: 60
    Rank: Member

    If you end up needing to query locally, it sounds like something that a PowerShell Workflow is good for.

    workflow Get-LastLogonDate
            [string[]] $ComputerName
        foreach -parallel ($computer in $ComputerName)
            $result = Get-WmiObject -Class Win32_NetworkLoginProfile -PSComputerName $computer |
            Where-Object -Property Caption -EQ -Value 'usernamehere' |
            Select-Object -ExpandProperty LastLogon

    To use, set the value of the Caption property accordingly, and ensure $computers is an array with the list of servers to be scanned.

    Get-LastLogonDate -ComputerName $computers

The topic ‘Find Last Domain Login Location via username’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort