but alot of the entries are blank. When I query the user specifically, LastLogonTimeStamp is empty…however, if I use ADSIEdit, and browse to the correct OU, I can see there is data stored for that user? There’s only one Domain Controller aswell, so can’t work out why I’m not reproducing the same result with Get-ADuser…is there anything I need to synchronise for the ADSIEdit information to populate with Get-ADuser?
Edit: If I understand it right you should use the attribute lastLogon and you will have to “calculate” it to make it human readable. Something like this should work actually
Bear in mind that LastLogon is not replicated - it’s per-DC. So it’s possible that ADSIEdit is connecting to a DC that has the data, which would be the one the user is authenticating to, but your command is connecting to something different.
LastLogonTimestamp replicates, but on a “slow” track. It can take time to make it to every DC.
It’s worth reading up on how those two properties work, as they’re pretty tricky to actually worth with due to the way AD itself is built.