Get-ADuser 'LastLogon' empty, but ADSI Edit has information?

  • #124095

    Participant
    Points: 46
    Rank: Member

    Hi all,

     

    I have been requested to report on last logins for users...I have tried Get-ADUser:

    
    get-aduser -filter {enabled -eq $True} -properties lastlogontimestamp, passwordlastset, passwordneverexpires |ft Name, passwordlastset, passwordneverexpires, @{Name="Last Logon";Expression={([datetime]::FromFileTime($_.LastLogonTimeStamp))}} | Out-File -file "$ADReports\$D Password and Logons $Date.txt"
    
    

    but a lot of the entries are blank.  When I query the user specifically, LastLogonTimeStamp is empty...however, if I use ADSIEdit, and browse to the correct OU, I can see there is data stored for that user?  There's only one Domain Controller as well, so can't work out why I'm not reproducing the same result with Get-ADuser...is there anything I need to synchronise for the ADSIEdit information to populate with Get-ADuser?

     

    Thanks

     

    Jason

  • #124166

    Participant
    Points: 264
    Helping Hand
    Rank: Contributor

    There are different "lastLogon" attributes. Maybe you're using the wrong one. See the answer from Richard Mueller in this thread. It might help you.

    https://social.technet.microsoft.com/Forums/office/en-US/eba1b4da-dc88-42db-b596-fdfb8f8222db/powershell-getaduser-question?forum=ITCG#e1657a61-6979-4f3d-bf0c-c4d2d17dd4ed

    Edit: If I understand it right you should use the attribute lastLogon and you will have to "calculate" it to make it human readable. Something like this should work actually

    Get-ADUser -Identity "sAMAccountName" -Properties lastLogon,LastLogonDate | 
        Select-Object *,@{Name='LastLogonReadable';Expression={  [DateTime]::FromFileTime($_.LastLogon)  }}
  • #124172

    Participant
    Points: 46
    Rank: Member

    hi, thanks Olaf, no luck I'm afraid....just tested on a user:

     

    
    DistinguishedName :
    GivenName : Mark
    LastLogonDate :
    Name :
    ObjectClass : user
    ObjectGUID : 03382a95-c4fb-4cd3-b489-a1dc9d00748b
    SamAccountName :
    SID : S-1-5-21-2103417339-1537711377-xxxxxxx
    Surname :
    UserPrincipalName :
    Enabled :
    PropertyNames : {DistinguishedName, GivenName, LastLogon, LastLogonDate...}
    AddedProperties : {}
    RemovedProperties : {}
    ModifiedProperties : {}
    PropertyCount : 10
    LastLogonReadable : 01/01/1601 00:00:00
    
    

    however, if I go through ADSIEdit, I have entries for LastLogon and LastLogonTimestamp for the same user?

  • #124193

    Keymaster
    Points: 1,704
    Helping HandTeam Member
    Rank: Community Hero

    Bear in mind that LastLogon is not replicated – it's per-DC. So it's possible that ADSIEdit is connecting to a DC that has the data, which would be the one the user is authenticating to, but your command is connecting to something different.

    LastLogonTimestamp replicates, but on a "slow" track. It can take time to make it to every DC.

    It's worth reading up on how those two properties work, as they're pretty tricky to actually work with due to the way AD itself is built.

     

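An added example, not code from any poster in this thread: because lastLogon is stored per DC and not replicated, an accurate last-logon report has to ask every domain controller and keep the newest value, with lastLogonTimestamp shown alongside as the slower replicated figure. The function names and the `jdoe` account are hypothetical; it assumes the ActiveDirectory module is installed and each DC is reachable.

```powershell
# Added example: resolve a user's most recent logon by querying every DC.
# Assumes the ActiveDirectory (RSAT) module and read access to each DC.
Import-Module ActiveDirectory

function Convert-FileTimeOrNull {
    # 0 or an unset value means "never recorded on this DC";
    # passing it to FromFileTime would display 01/01/1601 instead.
    param($FileTime)
    if ($null -eq $FileTime -or [int64]$FileTime -le 0) { return $null }
    [DateTime]::FromFileTime([int64]$FileTime)
}

function Get-TrueLastLogon {
    param([Parameter(Mandatory)][string]$Identity)

    # One row per DC, so it is visible which DC holds which value.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
            [pscustomobject]@{
                DC                 = $dc.HostName
                LastLogon          = Convert-FileTimeOrNull $u.lastLogon
                LastLogonTimestamp = Convert-FileTimeOrNull $u.lastLogonTimestamp
            }
        } catch {
            # An unreachable DC is reported, not silently skipped.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    }

    # Newest non-empty lastLogon across all DCs that answered.
    $newest = $perDc | Where-Object { $_.LastLogon } |
        Sort-Object LastLogon -Descending | Select-Object -First 1

    [pscustomobject]@{
        Identity           = $Identity
        LastLogon          = $newest.LastLogon
        ReportedByDC       = $newest.DC
        LastLogonTimestamp = ($perDc.LastLogonTimestamp | Sort-Object -Descending | Select-Object -First 1)
        PerDC              = $perDc
    }
}

# 'jdoe' is a placeholder sAMAccountName.
Get-TrueLastLogon -Identity 'jdoe' | Format-List Identity, LastLogon, ReportedByDC, LastLogonTimestamp
```

Empty LastLogon and LastLogonTimestamp fields in the output mean no DC that answered holds a value for the account; inspect the PerDC property to see each controller's view.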