Find Last Domain Login Location via username

I’m looking for some assistance in finding, where a service account last logged into a member server.


As far as I know, there’s no real direct way to do this. Every script example I’ve seen grabs a list of computers from AD, and then queries the computers for the last logged on user. You might consider running a script against a domain controller’s security logs for a corresponding logon event. I’m away from my lab right now, but I’ll see if I can whip something up. If you don’t have access to a DC though, you might have to go the long way around with querying the machines.

If you end up needing to query locally, it sounds like something that a PowerShell Workflow is good for.

workflow Get-LastLogonDate

        [string[]] $ComputerName


    foreach -parallel ($computer in $ComputerName)
        $result = Get-WmiObject -Class Win32_NetworkLoginProfile -PSComputerName $computer |
        Where-Object -Property Caption -EQ -Value 'usernamehere' |
        Select-Object -ExpandProperty LastLogon

To use, set the value of the Caption property accordingly, and ensure $computers is an array with the list of servers to be scanned.

Get-LastLogonDate -ComputerName $computers