Author Posts

January 1, 2012 at 12:00 am

by Christopher.Ellis at 2013-02-14 07:23:59

What command syntax do I user for users lastlogon within 30 days ? Would the results vary if i run the query against a Domain controller and the user authenticates against another Domain Controller

I an new to powershell and not good at scripting. Thank you

by ArtB0514 at 2013-02-14 08:42:50

Use the lastLogonTimetamp property. It's replicated, so you won't need to check every domain controller. BUT, it's not guaranteed to be accurate for less than about 2 weeks. As long as you only care about less than 30 days (rather than abolute accuracy) you won't have any problems. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms676824(v=vs.85).aspx for more detail.

by Christopher.Ellis at 2013-02-14 10:25:13

You have enlighted me on the replication of AD, however i do not know the syntax to query in powershell, the link attachment mentions the properties of last logon however what would I type at the powershell prompt?

by ArtB0514 at 2013-02-14 11:26:20

You will need either the Quest (http://www.quest.com/powershell/activeroles-server.aspx) or the Microsoft (part of the RSAT) active directory addins. Then a little script like this will collect the data for you:

Quest]$Since = (Get-Date).AddDays(-30).Date
$ActiveUsers = Get-QADUser | Where-Object {$_.lastLogonTimestamp -lt $Since}[/powershell]

Microsoft RSAT]$Since = (Get-Date.AddDays(-30).Date
$ActiveUsers = Get-ADUser -Filter * | Where-Object {$_.lastLogonTimestamp -lt $Since}[/powershell]

Then you have to decide what you want to do with the collection of user information that has been stored in the $ActiveUsers array.

For more information about PowerShell and how to use it, I suggest that you check out http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide.aspx and the books section link at the top of this page.

by Christopher.Ellis at 2013-02-19 09:16:13

I entered the following: get-aduser -filter * -property LastlogonTimeStamp

Sample results

DistinguishedName : CN=Sharon.Stull,OU=Head Office – 2713 Lancasterservices,DC=ca
Enabled : True
GivenName : Sharon
LastlogonTimeStamp : 130057575269700024
Name : Sharon.Stull
ObjectClass : user
ObjectGUID : 31869ab5-f5c4-496e-9f79-3e856d686c6c
SamAccountName : Sharon.Stull
SID : S-1-5-21-1140152784-10511339-5522801-4049
Surname : Stull
UserPrincipalName : Sharon.Stull@internal.xxxx.ca

question how do i get LastlogonTimeStamp : 130057575269700024 to be read in a proper format?

by ArtB0514 at 2013-02-19 10:11:57

Sorry about that. Quest does the conversion for you. With the Microsoft tools, you need to do this:
[System.DateTime]]
The easiest way is probably to do a Select-Object for the properties that you want during the data collection phase:
$Since = (Get-Date.AddDays(-30).Date
$ActiveUsers = Get-ADUser -Filter * | Where-Object {$_.lastLogonTimestamp -lt $Since} |
Select SamAccountName,Enabled,GivenName,SurName,@{Name='Last Logon';Expression={[System.DateTime]]
and add any other properties you need to that comma separated list.