As an Active Directory administrator, you will sooner or later need to find out when a user last logged on to the network. If you have access to the Attribute Editor in your Active Directory tools, you can look for the LastLogonDate attribute. The other option is to use PowerShell, and there are two methods to access this information.
Using Get-ADUser
The first option gives you the same data that the Attribute Editor GUI would display. In PowerShell, run this command, then scroll down the list and look for LastLogonDate.
Get-ADUser username -properties *
PowerShell Script
The next method is to use the PowerShell script below. Save this script as a .ps1 file and edit the username in the last line of the script, then run it.
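Import-Module ActiveDirectory

# Prints the most recent lastLogon value found for a user across all domain controllers.
function Get-ADUserLastLogon([string]$userName)
{
    # Enumerate every domain controller in the domain
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        # Look the user up on this domain controller and read its lastLogon value
        $user = Get-ADUser $userName -Server $hostname | Get-ADObject -Properties lastLogon
        # Keep the highest (most recent) value seen so far
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    # lastLogon is stored as a Windows file time; convert it to a local DateTime
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $username "last logged on at:" $dt
}

Get-ADUserLastLogon -UserName username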
This script doesn’t do what I need it to do.
When I run the script on any of the computers within my domain it displays the following:
PS C:\support\3-20-19> .\ll.ps1
username last logged on at: 12/31/1600 4:00:00 PM
PS C:\support\3-20-19>
Even though I have last logged onto all of these computers today at 7:20 PM Pacific Time.
Also, I need to be able to specify the name of the remote computer where I want to gather this information from.
I don’t want to gather this information from all domain controllers, which is what this script appears to do.
Please refer me to another source where I can get this type of script or provide me with the right kind of script that will do what I have outlined above.
Demanding much?
This attribute isn’t replicated between DCs so each DC needs to be checked.
Exactly this. The script isn’t made to run on an individual workstation or server. If your environment authenticates to a domain controller at sign-in then you need to poll all of your domain controllers then filter out the most recent date/time.
The script has an error. This line:
$user = Get-ADUser $userName | Get-ADObject -Properties lastLogon
should be:
$user = Get-ADUser $userName -Server $hostname | Get-ADObject -Properties lastLogon
As it stands, it is querying the same domain controller multiple times. The line above corrects it to query all domain controllers, and return the latest logon date.
How would I get this to list all my users in AD, instead of typing in the username?
As below:
Import-Module ActiveDirectory

function Get-ADUserLastLogon([string]$userName)
{
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        $user = Get-ADUser $userName -Server $Hostname | Get-ADObject -Properties lastLogon
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $username "last logged on at:" $dt
}

$ADUsers = Get-ADUser -filter {enabled -eq $true}
foreach ($ADuser in $ADUsers) {
    Get-ADUserLastLogon -UserName $ADuser
}
Actually, amend that to this:
function Get-ADUserLastLogon([string]$userName)
{
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs)
    {
        $hostname = $dc.HostName
        $user = Get-ADUser $userName -Server $Hostname | Get-ADObject -Properties lastLogon
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    $dt = [DateTime]::FromFileTime($time)
    Write-Host $username "last logged on at:" $dt
}

$ADUsers = Get-ADUser -filter {enabled -eq $true}
foreach ($ADuser in $ADUsers) {
    Get-ADUserLastLogon -UserName $ADuser.SamAccountName
}
This could be improved so that there’s only one Get-ADUser call, but that should work fine as above.
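The single-query-per-domain-controller version suggested in the last comment, written out as an added example (it is not part of the original post or of any comment above). The function name Get-ADUsersLastLogon is hypothetical; the example assumes the ActiveDirectory module is available, and it reports accounts whose lastLogon is 0 as having no recorded logon rather than printing the 12/31/1600 date seen in the thread.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the original post): asks each domain controller
# once for all enabled users, then keeps the highest lastLogon seen per user.
function Get-ADUsersLastLogon {
    $latest = @{}   # SamAccountName -> highest lastLogon file time seen on any DC
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        try {
            $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogon `
                -Server $dc.HostName -ErrorAction Stop
        }
        catch {
            # lastLogon is not replicated, so a skipped DC can make a user look
            # older than they really are; surface that instead of hiding it.
            Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($u in $users) {
            $seen = [int64]$u.lastLogon   # an unset attribute ($null) casts to 0
            $key  = $u.SamAccountName
            if (-not $latest.ContainsKey($key) -or $seen -gt $latest[$key]) {
                $latest[$key] = $seen
            }
        }
    }
    foreach ($name in ($latest.Keys | Sort-Object)) {
        $ft = $latest[$name]
        [pscustomobject]@{
            SamAccountName = $name
            # File time 0 is the 1601 epoch (12/31/1600 4:00:00 PM in US Pacific
            # time); emit $null so "never logged on" is not mistaken for a date.
            LastLogon      = if ($ft -gt 0) { [DateTime]::FromFileTime($ft) } else { $null }
        }
    }
}

Get-ADUsersLastLogon | Format-Table -AutoSize
```

Because the function emits objects instead of calling Write-Host, the result can be filtered or piped to Export-Csv, for example to list accounts with no logon in the last 90 days.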