Using PowerShell To Get User Last Logon Date

2019-08-08T12:58:39-05:00 | August 17th, 2017 | Categories: Windows | 7 Comments

As an Active Directory administrator, you may at some point need to determine the date a user last logged on to the network. If you have access to the Attribute Editor in your Active Directory tools, you can look for the LastLogonDate attribute. The other option is to use PowerShell, and there are two methods to access this information.

Using Get-ADUser

The first option gives you the same data that the Attribute Editor GUI would display. In PowerShell, run this command, then scroll down the list and look for LastLogonDate.

Get-ADUser username -properties *

PowerShell Script

The next method is to use the PowerShell script below. Save this script as a .ps1 file, edit the username in the last line of the script, then run it.

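Import-Module ActiveDirectory

function Get-ADUserLastLogon([string]$userName)
{
    # lastLogon is not replicated between DCs, so every domain controller is asked
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        # Read this DC's own copy of lastLogon for the user
        $user = Get-ADUser $userName -Server $hostname | Get-ADObject -Properties lastLogon
        # Keep the most recent value seen so far
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    # lastLogon is stored as a Windows file time; convert it to a local DateTime
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $userName "last logged on at:" $dt
}

Get-ADUserLastLogon -UserName username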
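
An added example, not the article's own script: it queries each domain controller once for all enabled users, keeps the highest lastLogon per account, and returns $null instead of a 1600/1601 date when no DC has recorded a logon. The function name Get-ADLastLogonReport and its -Filter parameter are assumptions made for this example.

```powershell
# Added example. Assumes the ActiveDirectory module is installed and the
# caller can read user objects on every domain controller.
Import-Module ActiveDirectory

function Get-ADLastLogonReport {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: which accounts to include in the report.
        [string]$Filter = 'Enabled -eq $true'
    )

    $latest = @{}   # SamAccountName -> highest lastLogon file time seen so far

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # One query per DC returns every matching user with that DC's own value.
            $users = Get-ADUser -Filter $Filter -Properties lastLogon `
                                -Server $dc.HostName -ErrorAction Stop
        }
        catch {
            # A DC that cannot be reached leaves a gap in the result; report it.
            Write-Warning "Skipped $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($u in $users) {
            $stamp = [int64]$u.lastLogon   # unset attribute -> $null -> 0
            if (-not $latest.ContainsKey($u.SamAccountName) -or
                $stamp -gt $latest[$u.SamAccountName]) {
                $latest[$u.SamAccountName] = $stamp
            }
        }
    }

    foreach ($name in $latest.Keys | Sort-Object) {
        $stamp = $latest[$name]
        [pscustomobject]@{
            SamAccountName = $name
            # 0 means no DC recorded a logon; FromFileTime(0) would show a 1600/1601 date.
            LastLogon      = if ($stamp -gt 0) { [DateTime]::FromFileTime($stamp) } else { $null }
        }
    }
}

Get-ADLastLogonReport | Sort-Object LastLogon | Format-Table -AutoSize
```

Accounts with an empty LastLogon column have no logon recorded on any domain controller that answered; check the warnings before treating that as definitive.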



7 Comments

  1. Dave Smith March 20, 2019 at 10:41 pm

    This script doesn’t do what I need it to do.

    When I run the script on any of the computers within my domain it displays the following:

    PS C:\support\3-20-19> .\ll.ps1
    username last logged on at: 12/31/1600 4:00:00 PM
    PS C:\support\3-20-19>

    Even though I have last logged onto all of these computers today at 7:20 PM Pacific Time.

    Also, I need to be able to specify the name of the remote computer where I want to gather this information from.

    I don’t want to gather this information from all domain controllers, which is what this script appears to do.

    Please refer me to another source where I can get this type of script or provide me with the right kind of script that will do what I have outlined above.

    • asdasafas July 10, 2019 at 4:59 pm

      Demanding much?

      This attribute isn’t replicated between DCs so each DC needs to be checked.

      • Robert Russell July 11, 2019 at 7:03 am

        Exactly this. The script isn’t made to run on an individual workstation or server. If your environment authenticates to a domain controller at sign-in then you need to poll all of your domain controllers then filter out the most recent date/time.

        • Adam August 7, 2019 at 9:43 pm

          The script has an error. This line:
          $user = Get-ADUser $userName | Get-ADObject -Properties lastLogon

          should be:
          $user = Get-ADUser $userName -Server $hostname | Get-ADObject -Properties lastLogon

          As it stands, it is querying the same domain controller multiple times. The line above corrects it to query all domain controllers, and return the latest logon date.

  2. Curtis August 5, 2019 at 2:38 pm

    How would I get this to list all my users in AD, instead of typing in the username?

    • Adam August 7, 2019 at 9:48 pm

      As below:

      Import-Module ActiveDirectory

      function Get-ADUserLastLogon([string]$userName)
      {
          $dcs = Get-ADDomainController -Filter {Name -like "*"}
          $time = 0
          foreach($dc in $dcs)
          {
              $hostname = $dc.HostName
              $user = Get-ADUser $userName -Server $Hostname | Get-ADObject -Properties lastLogon
              if($user.LastLogon -gt $time)
              {
                  $time = $user.LastLogon
              }
          }
          $dt = [DateTime]::FromFileTime($time)
          Write-Host $username "last logged on at:" $dt
      }

      $ADUsers = Get-ADUser -filter {enabled -eq $true}
      foreach ($ADuser in $ADUsers) {
          Get-ADUserLastLogon -UserName $ADuser
      }

      • Adam August 8, 2019 at 3:52 pm

        Actually, amend that to this:

        function Get-ADUserLastLogon([string]$userName)
        {
            $dcs = Get-ADDomainController -Filter {Name -like "*"}
            $time = 0
            foreach($dc in $dcs)
            {
                $hostname = $dc.HostName
                $user = Get-ADUser $userName -Server $Hostname | Get-ADObject -Properties lastLogon
                if($user.LastLogon -gt $time)
                {
                    $time = $user.LastLogon
                }
            }
            $dt = [DateTime]::FromFileTime($time)
            Write-Host $username "last logged on at:" $dt
        }

        $ADUsers = Get-ADUser -filter {enabled -eq $true}
        foreach ($ADuser in $ADUsers) {
            Get-ADUserLastLogon -UserName $ADuser.SamAccountName
        }

        This could be improved so that there’s only one Get-ADUser call, but that should work fine as above.
