Hello Powershellers
I have a question which I believe I am 95% complete but I cannot seem to find the issue.
I am trying to get the last login of the users in my tenant as well as what service (Outlook / Sharepoint / etc) they used to log in.
I’ve ran a few scripts that give me results but nothing that I really need.
I am looking for a script (or a set of cmdlets) that would output me a CSV that would look something like this
Column A = UPN
Column B = Last Login
Column C = What they used to log in (Outlook / Sharepoint / Teams)
This is my script
$file = Import-Csv -Path "My_file_with_usernames.csv" -delimiter ","
foreach ($User in $file) {
Get-AzureADAuditSignInLogs -Filter "UserPrincipalName eq '$User'" -Top 1 | `
select CreatedDateTime, UserPrincipalName, IsInteractive, AppDisplayName, IpAddress, TokenIssuerType, @{Name = 'DeviceOS'; Expression = {$_.DeviceDetail.OperatingSystem}}
#write data to file
$userData += $OutputData;
$userData | Export-csv -path C:\Path-to-my-CSV -Append -Encoding UTF8
}
The purpose of this script is to go take everyone from Column A in my CSV (UserPrincipalName) and get the following info
Lastlogindate
Interactive login or not
What IP they are logging in from
What application they logged in from
OS
My current problem
I ran the line
Import-Module AzureADPreview
But I still get the same issue
Get-AzureADAuditSignInLogs : The term ‘Get-AzureADAuditSignInLogs’ is not recognized as the name of a cmdlet
Get-Module AzureADPreview
It does not return any version
But when I run
Install-Module AzureADPreview
It just skips to the next line
I’m running these commands on a powershell that has administrative rights
When I run the installer with the verbose command I get the following (Install-module AzureADPreview -Verbose)
VERBOSE: Using the provider 'PowerShellGet' for searching packages.
VERBOSE: The -Repository parameter was not specified. PowerShellGet will use all of the registered repositories.
VERBOSE: Getting the provider object for the PackageManagement Provider 'NuGet'.
VERBOSE: The specified Location is 'https://www.powershellgallery.com/api/v2' and PackageManagementProvider is 'NuGet'.
VERBOSE: Searching repository 'https://www.powershellgallery.com/api/v2/FindPackagesById()?id='AzureADPreview'' for ''.
VERBOSE: Total package yield:'1' for the specified package 'AzureADPreview'.
VERBOSE: Skipping installed module AzureADPreview 2.0.2.149.
This is my PS Version
Name Value
---- -----
PSVersion 5.1.22000.832
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22000.832
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
I also have PS V7 installed on my machine (I don’t think it works on PS7) and when I run the command from PS7 I get the following output
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
VERBOSE: The installation scope is specified to be 'CurrentUser'.
VERBOSE: The specified module will be installed in 'C:\Users\Me\Documents\PowerShell\Modules'.
VERBOSE: Version '2.0.2.149' of module 'AzureADPreview' is already installed at 'C:\Program Files\WindowsPowerShell\Modules\AzureADPreview\2.0.2.149'.
Name Value
---- -----
PSVersion 7.2.7
PSEdition Core
GitCommitId 7.2.7
OS Microsoft Windows 10.0.22000
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Any help will be greatly appreciated!
Thank you very much