by Christopher.Ellis at 2013-02-14 07:23:59
What command syntax do I use for users' lastlogon within 30 days? Would the results vary if I run the query against a Domain Controller and the user authenticates against another Domain Controller?
I am new to PowerShell and not good at scripting. Thank you

by ArtB0514 at 2013-02-14 08:42:50
Use the lastLogonTimestamp property. It’s replicated, so you won’t need to check every domain controller. BUT, it’s not guaranteed to be accurate for less than about 2 weeks. As long as you only care about less than 30 days (rather than absolute accuracy) you won’t have any problems. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms676824(v=vs.85).aspx for more detail.

by Christopher.Ellis at 2013-02-14 10:25:13
You have enlightened me on the replication of AD; however, I do not know the syntax to query in PowerShell. The link attachment mentions the properties of last logon; however, what would I type at the PowerShell prompt?

by ArtB0514 at 2013-02-14 11:26:20
You will need either the Quest (http://www.quest.com/powershell/activeroles-server.aspx) or the Microsoft (part of the RSAT) Active Directory add-ins. Then a little script like this will collect the data for you:
Quest:
[powershell]$Since = (Get-Date).AddDays(-30).Date
# -ge keeps the accounts whose last logon falls within the past 30 days
$ActiveUsers = Get-QADUser | Where-Object {$_.lastLogonTimestamp -ge $Since}[/powershell]
Microsoft RSAT:
[powershell]$Since = (Get-Date).AddDays(-30).Date
# lastLogonTimestamp must be requested explicitly and comes back as a FILETIME integer
$ActiveUsers = Get-ADUser -Filter * -Properties lastLogonTimestamp |
    Where-Object {$_.lastLogonTimestamp -ge $Since.ToFileTime()}[/powershell]
Then you have to decide what you want to do with the collection of user information that has been stored in the $ActiveUsers array.
For more information about PowerShell and how to use it, I suggest that you check out http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide.aspx and the books section link at the top of this page.

by Christopher.Ellis at 2013-02-19 09:16:13
I entered the following: get-aduser -filter * -property LastlogonTimeStamp
Sample results
DistinguishedName : CN=Sharon.Stull,OU=Head Office - 2713 Lancasterservices,DC=ca
Enabled : True
GivenName : Sharon
LastlogonTimeStamp : 130057575269700024
Name : Sharon.Stull
ObjectClass : user
ObjectGUID : 31869ab5-f5c4-496e-9f79-3e856d686c6c
SamAccountName : Sharon.Stull
SID : S-1-5-21-1140152784-10511339-5522801-4049
Surname : Stull
UserPrincipalName : Sharon.Stull@internal.xxxx.ca
Question: how do I get LastlogonTimeStamp : 130057575269700024 to be read in a proper format?

by ArtB0514 at 2013-02-19 10:11:57
Sorry about that. Quest does the conversion for you. With the Microsoft tools, you need to do this:
[powershell][System.DateTime]::FromFileTime($_.lastLogonTimestamp)[/powershell]
The easiest way is probably to do a Select-Object for the properties that you want during the data collection phase:
[powershell]$Since = (Get-Date).AddDays(-30).Date
$ActiveUsers = Get-ADUser -Filter * -Properties lastLogonTimestamp |
    Where-Object {$_.lastLogonTimestamp -ge $Since.ToFileTime()} |
    Select SamAccountName,Enabled,GivenName,SurName,@{Name='Last Logon';Expression={[System.DateTime]::FromFileTime($_.lastLogonTimestamp)}}[/powershell]
and add any other properties you need to that comma separated list.
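
An added example, not part of the original thread: it classifies accounts by the raw lastLogonTimestamp value, converts it with FromFileTime, and marks accounts whose replicated value falls within the "about 2 weeks" of inaccuracy mentioned above as uncertain instead of inactive. The function name, its parameters and the sample accounts are hypothetical; the sample objects stand in for Get-ADUser output so the block runs without a domain.

```powershell
# Added example: Get-LogonActivity and its parameters are hypothetical names.
function Get-LogonActivity {
    param(
        [Parameter(ValueFromPipeline = $true)] $User,
        [int] $Days = 30,              # activity window asked about in the thread
        [int] $LagDays = 14,           # "about 2 weeks" of replication inaccuracy
        [datetime] $Now = (Get-Date)
    )
    begin {
        $cutoff   = $Now.AddDays(-$Days)
        $lagLimit = $cutoff.AddDays(-$LagDays)
    }
    process {
        $raw = $User.lastLogonTimestamp
        if (-not $raw) {
            # Attribute unset or 0: no logon has been recorded for this account
            $when = $null; $status = 'NeverLoggedOn'
        } else {
            # The attribute is a FILETIME: 100 ns ticks since 1601-01-01 UTC
            $when = [DateTime]::FromFileTime([int64]$raw)
            if     ($when -ge $cutoff)   { $status = 'Active' }
            elseif ($when -ge $lagLimit) { $status = 'Uncertain' }  # real logon may be newer
            else                         { $status = 'Inactive' }
        }
        New-Object PSObject -Property @{
            SamAccountName = $User.SamAccountName
            LastLogon      = $when
            Status         = $status
        }
    }
}

# Constructed sample input (not real directory data). The fixed value is the
# one shown in the thread's sample output.
$now = Get-Date
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'recent.user';  lastLogonTimestamp = $now.AddDays(-3).ToFileTime() }
    New-Object PSObject -Property @{ SamAccountName = 'border.user';  lastLogonTimestamp = $now.AddDays(-38).ToFileTime() }
    New-Object PSObject -Property @{ SamAccountName = 'stale.user';   lastLogonTimestamp = $now.AddDays(-120).ToFileTime() }
    New-Object PSObject -Property @{ SamAccountName = 'thread.value'; lastLogonTimestamp = 130057575269700024 }
    New-Object PSObject -Property @{ SamAccountName = 'unused.user';  lastLogonTimestamp = $null }
)

$sample | Get-LogonActivity -Now $now |
    Select-Object SamAccountName, Status, LastLogon
```

Against a real domain the same function takes the output of Get-ADUser -Filter * -Properties lastLogonTimestamp on the pipeline.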