How to use LastLogon to show who has not been logged in for 30 days?

  • LastLogonDate can’t be used because 3rd-party equipment affects that value

```powershell
# Show the replicated LastLogonDate next to this DC's own lastLogon value
Get-ADUser -SearchBase $SearchBase -Properties lastlogondate, lastlogon -Filter * |
    select name, lastlogondate, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}} |
    FT
```

```
name   lastlogondate        LastLogon
User1  08-09-2021 22:14:58  08-11-2018 12:30:49
User2  08-09-2021 22:15:03  11-11-2020 09:38:25
User3  08-09-2021 22:15:03  26-08-2019 11:34:00
User4  08-09-2021 22:15:03  26-08-2019 09:31:07
User5  07-09-2021 13:20:46  13-09-2021 17:21:22
```


DC Control - User

```powershell
$_ = "User1"

# Ask every domain controller for its own (non-replicated) lastLogon value for the user
$(foreach ($DC in ((Get-ADDomainController -Filter * | sort name).name)) {
    $User = Get-ADUser $_ -Properties lastlogon -server $dc | select name, lastlogon
    echo "$dc - $(w32tm /ntte $user.lastlogon)"
})
```

```
PS C:\Windows\system32> C:\Scripts\UserLogonDC.ps1
DC1 - 153351 08:38:25.0763322 - 11-11-2020 10:38:25
DC2 - 153329 09:44:02.4803801 - 20-10-2020 11:44:02
DC3 - 153363 17:28:24.5088852 - 23-11-2020 19:28:24
```

Hi, welcome to the forum :wave:

Firstly, when posting code (and output) in the forum, please can you use the preformatted text </> button. It really helps us with readability, and copying and pasting your code (we don’t have to faff about replacing curly quote marks to get things working).

Your second approach is the more correct one. The lastLogon attribute is not replicated so you need to query all the domain controllers and find the most recent value. This is the most accurate but least convenient way of determining the last logon.

LastLogonDate and LastLogonTimeStamp are essentially the same thing. The LastLogonDate is PowerShell’s calculation (it converts it to a human readable date format) of the LastLogonTimeStamp attribute.

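One way to turn the approach described above into a 30-day report (an added example, not code posted by anyone in this thread): query every DC for the non-replicated lastLogon, keep the newest value per user, and list the accounts whose newest logon is older than the cutoff or missing. The function name `Get-StaleUser` and its parameters are made up for illustration, and the code assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added example; Get-StaleUser is a hypothetical name, not an AD cmdlet.
Import-Module ActiveDirectory

function Get-StaleUser {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # OU to report on
        [int] $Days = 30                              # inactivity threshold
    )

    $cutoff = (Get-Date).AddDays(-$Days)
    $latest = @{}   # DistinguishedName -> highest lastLogon (FILETIME) seen on any DC
    $names  = @{}   # DistinguishedName -> display name

    foreach ($dc in (Get-ADDomainController -Filter * | Sort-Object Name)) {
        try {
            $users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties lastLogon `
                                -Server $dc.HostName -ErrorAction Stop
        }
        catch {
            # A skipped DC may hold the newest logon, so flag the report as incomplete.
            Write-Warning "Could not query $($dc.HostName); report may list active users: $_"
            continue
        }
        foreach ($u in $users) {
            $value = [int64]$u.lastLogon   # unset attribute casts to 0
            if (-not $latest.ContainsKey($u.DistinguishedName) -or
                $value -gt $latest[$u.DistinguishedName]) {
                $latest[$u.DistinguishedName] = $value
                $names[$u.DistinguishedName]  = $u.Name
            }
        }
    }

    foreach ($dn in $latest.Keys) {
        # 0 means no DC has ever recorded a logon; report it as $null, not 01-01-1601.
        $last = if ($latest[$dn] -gt 0) { [DateTime]::FromFileTime($latest[$dn]) } else { $null }
        if ($null -eq $last -or $last -lt $cutoff) {
            [pscustomobject]@{ Name = $names[$dn]; LastLogon = $last; DistinguishedName = $dn }
        }
    }
}

# Usage, with $SearchBase set as in the question:
# Get-StaleUser -SearchBase $SearchBase -Days 30 | Sort-Object LastLogon | Format-Table
```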

Hello Conitec,

You should use LastLogonTimeStamp, it will be replicated between every DC (default is 14 days).

Here is a detailed explanation of it.
Dandelions, VCR Clocks, and Last Logon Times: These Are a Few of Our Least Favorite Things - Scripting Blog (

And about the 3rd-party equipment, if the equipment needs to communicate with the DC, it should be counted.

Here’s a couple of functions I wrote to do the hard work for me. Each will query all DCs to find the latest logon for the specified user(s). The only difference between the functions is one requires the AD RSAT tools and the other doesn’t.