Active Directory User Accounts without Activity

Greetings All community members!
How can I create a PowerShell script that checks Active Directory User Accounts that have not logged in for more than several months?
I have a text file with the user accounts to check for (one account per row of the text file or comma delimited), and I’d like to use that list as an input file, then check AD to see if the account has not logged in for a certain number of months (perhaps prompt how many months to test for or use a fixed period, say 2 months is ok). Then output positive results to an XML or text file.
Is that too complicated to do in PowerShell?

Thank You a lot for providing a good script to perform such task.

That’s not a free script shop here. It’s a peer to peer forum where IT professionals help each other with scripts they wrote by themselves.

Regardless of that - what you’ve just asked for has been asked thousands of times here and in all other PowerShell-related forums. Show a little effort and search for it. You will find something that’s adaptable to your needs.

There are multiple examples of how to do this online.

However, make sure you understand what you are checking against, as lastlogondate isn’t a truly accurate indicator once you have more than 1 domain controller.

Prior to putting this question in the forum, I did my own testing and research; did not work whatsoever, is very evident.
Yet I do not need you to tell me what this forum is for or what can or can not be done. Keep your comments for yourself and if you did not like the question; Do not participate! That is if you will come up with that kind of crap you wrote.
Perhaps you should create your own forum and set your own rules there; this forum is not solely for the purpose your own subjective opinion describes. Cut it short and stay away from my posts.

Thank You for your positive advice.

.... Prior to put this question in the forum, I did my own testing and research ....
You did not say that - how should we know that - nor did you show any of your code.
.... did not work whatsoever, is very evident. ...
What exactly did not work? Did you get errors? Along with the code you wrote you could have posted the errors you had.
.... Keep your comments for your self and if you did not like the question; Do not participate! ...
Sorry. It's a free world. And I'm allowed to say my opinion just like you are. If you don't like others to comment about what you do you might stay out of the internet. If I sounded rude to you I apologize - that was not my intention. As you probably know, a lot of us trying to help here and in other forums have another native language than English and some things might get lost in translation. So I'd like to ask for a little bit of composure and indulgence.
... Cut it short and stay away from my posts. ...
;-) No no ... never ... :-D Have a nice day. Olaf

It’s all about knowing the right search keywords.

Try adapting one of those examples for your own needs, and if it still does not work, post your attempt here and people will be happy to give you pointers.

Even Olaf. :-)

Olaf, that is a Great reference. I saw samples there that truly helped me out. Thank You. Best Regards.

You can try this script :

Get-ADUser -Filter * -SearchScope Subtree -SearchBase "dc=tda,dc=internal" -Properties DisplayName,lastLogonTimestamp | ? {(((Get-Date) - ([datetime]::FromFileTime($_.lastLogonTimestamp))).TotalDays -gt 90)} | select DisplayName,SamAccountName,UserPrincipalName,@{Exp={([datetime]::FromFileTime($_.lastLogonTimestamp))};Label="Last logon time stamp"} | Export-Csv "users_not_logged_longer_than_90_days.csv" -NoTypeInformation -Delimiter ";"

Here are a few links for your reference

Be wary of lastlogontimestamp for anything critical. It is not immediately updated, it can be delayed by days depending on the AD configuration. It can also be updated by things other than interactive logons causing a false report of activity. There’s no substitute for polling all of the domain controllers for lastlogon if you want an accurate and immediate picture of activity. It is much more time consuming, and if you need to do it often there are asynchronous approaches to speed things up.

Here’s an example from a domain I work with, it has 6 DCs.

lastlogon             lastlogontimestamp
---------             ------------------
1/27/2018 9:40:00 AM  1/18/2018 2:15:28 PM
1/27/2018 9:08:02 AM  1/18/2018 2:15:28 PM
1/26/2018 9:58:37 PM  1/18/2018 2:15:28 PM
1/26/2018 2:13:56 PM  1/18/2018 2:15:28 PM
6/23/2017 1:54:51 PM  1/18/2018 2:15:28 PM
10/23/2013 9:55:44 PM 1/18/2018 2:15:28 PM
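
As an added example (not code posted by anyone in this thread), here is one way to do the per-DC lastLogon check described above for the accounts listed in a text file. The file paths, the two-month threshold and the CSV output are assumptions, and it requires the ActiveDirectory module.

```powershell
# Added example: paths and threshold below are assumptions, adjust to your environment.
Import-Module ActiveDirectory

$InputFile  = '.\accounts.txt'           # hypothetical: sAMAccountNames, one per line or comma-delimited
$OutputFile = '.\inactive_accounts.csv'  # hypothetical output path
$Months     = 2
$Cutoff     = (Get-Date).ToUniversalTime().AddMonths(-$Months)

# Accept both "one per line" and comma-delimited input.
$Accounts = (Get-Content -Path $InputFile) -split '[,\r\n]+' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

# lastLogon is not replicated, so every domain controller has to be asked.
$DCs = (Get-ADDomainController -Filter *).HostName

$Report = foreach ($Account in $Accounts) {
    $Latest = [int64]0
    $Failed = @()
    foreach ($DC in $DCs) {
        try {
            $User = Get-ADUser -Identity $Account -Server $DC -Properties lastLogon -ErrorAction Stop
            # Keep the most recent value seen on any DC (empty on a DC means no logon there).
            if ($User.lastLogon -gt $Latest) { $Latest = $User.lastLogon }
        } catch {
            # DC unreachable or account not found there: the result for this account is incomplete.
            $Failed += $DC
        }
    }

    $LastLogonUtc = if ($Latest -gt 0) { [datetime]::FromFileTimeUtc($Latest) } else { $null }

    # Report accounts with no recorded logon or a last logon older than the cutoff.
    if (-not $LastLogonUtc -or $LastLogonUtc -lt $Cutoff) {
        [pscustomobject]@{
            SamAccountName = $Account
            LastLogonUtc   = $LastLogonUtc          # empty = no logon seen on any DC that answered
            DCsFailed      = $Failed -join ','      # non-empty = verify before acting on this row
        }
    }
}

$Report | Export-Csv -Path $OutputFile -NoTypeInformation
```

A row whose DCsFailed column lists every domain controller means the account could not be read anywhere (for example a typo in the input file), so treat it as unverified rather than inactive.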

Thanks for the observation. Also, is the property name (lastlogon) changed to “LastLogonDate” in PS version 5?

Thank you for the PS query. A nice one-liner. I’m testing it.
Is the propertyname (lastlogon) changed to “LastLogonDate” in PS version 5?

LastLogonDate is the human readable (local time) value returned by the AD cmdlets. LastLogon will be a UTC 64bit int that you need to convert if you want it in a specific format/time zone.