Get-ADuser 'LastLogon' empty, but ADSI Edit has information?

Welcome Forums General PowerShell Q&A Get-ADuser 'LastLogon' empty, but ADSI Edit has information?

This topic contains 3 replies, has 3 voices, and was last updated by

9 months, 1 week ago.

  • Author
  • #124095

    Topics: 9
    Replies: 24
    Points: 46
    Rank: Member

    Hi all,


    I have been reuqested to report on last logins for users...I have tried Get-ADUser:

    get-aduser -filter {enabled -eq $True} -properties lastlogontimestamp, passwordlastset, passwordneverexpires |ft Name, passwordlastset, passwordneverexpires, @{Name="Last Logon";Expression={([datetime]::FromFileTime($_.LastLogonTimeStamp))}} | Out-File -file "$ADReports\$D Password and Logons $Date.txt"

    but alot of the entries are blank.  When I query the user specifically, LastLogonTimeStamp is empty...however, if I use ADSIEdit, and browse to the correct OU, I can see there is data stored for that user?  There's only one Domain Controller aswell, so can't work out why I'm not reproducing the same result with there anything I need to synchronise for the ADSIEdit information to populate with Get-ADuser?





  • #124166

    Topics: 1
    Replies: 1473
    Points: 2,329
    Helping Hand
    Rank: Community Hero

    There are different "lastLogon" attributes. Maybe you're using the wrong one. See the answer from Richard Mueller in this thread. It might help you.

    Edit: If I understand it right you should use the attribute lastLogon and you will have to "calculate" it to make it human readable. Something like this should work actually

    Get-ADUser -Identity "sAMAccountName" -Properties lastLogon,LastLogonDate | 
        Select-Object *,@{Name='LastLogonReadable';Expression={  [DateTime]::FromFileTime($_.LastLogon)  }}
  • #124172

    Topics: 9
    Replies: 24
    Points: 46
    Rank: Member

    hi, thanks Olaf, no luck I'm afraid....just tested on a user:


    DistinguishedName :
    GivenName : Mark
    LastLogonDate :
    Name :
    ObjectClass : user
    ObjectGUID : 03382a95-c4fb-4cd3-b489-a1dc9d00748b
    SamAccountName :
    SID : S-1-5-21-2103417339-1537711377-xxxxxxx
    Surname :
    UserPrincipalName :
    Enabled :
    PropertyNames : {DistinguishedName, GivenName, LastLogon, LastLogonDate...}
    AddedProperties : {}
    RemovedProperties : {}
    ModifiedProperties : {}
    PropertyCount : 10
    LastLogonReadable : 01/01/1601 00:00:00

    however, if i go through ADSIEdit, I have entries for LastLogon and LastLogonTimestamp for the same user?

  • #124193

    Topics: 13
    Replies: 4872
    Points: 1,843
    Helping HandTeam Member
    Rank: Community Hero

    Bear in mind that LastLogon is not replicated – it's per-DC. So it's possible that ADSIEdit is connecting to a DC that has the data, which would be the one the user is authenticating to, but your command is connecting to something different.

    LastLogonTimestamp replicates, but on a "slow" track. It can take time to make it to every DC.

    It's worth reading up on how those two properties work, as they're pretty tricky to actually worth with due to the way AD itself is built.


The topic ‘Get-ADuser 'LastLogon' empty, but ADSI Edit has information?’ is closed to new replies.