I’m looking for some assistance in finding, where a service account last logged into a member server.
Thanks
As far as I know, there’s no real direct way to do this. Every script example I’ve seen grabs a list of computers from AD, and then queries the computers for the last logged on user. You might consider running a script against a domain controller’s security logs for a corresponding logon event. I’m away from my lab right now, but I’ll see if I can whip something up. If you don’t have access to a DC though, you might have to go the long way around with querying the machines.
If you end up needing to query locally, it sounds like something that a PowerShell Workflow is good for.
workflow Get-LastLogonDate
{
Param
(
[string[]] $ComputerName
)
foreach -parallel ($computer in $ComputerName)
{
$result = Get-WmiObject -Class Win32_NetworkLoginProfile -PSComputerName $computer |
Where-Object -Property Caption -EQ -Value 'usernamehere' |
Select-Object -ExpandProperty LastLogon
"$env:computername,$result"
}
}
To use, set the value of the Caption property accordingly, and ensure $computers is an array with the list of servers to be scanned.
Get-LastLogonDate -ComputerName $computers