I am newbie to Powershell realm. I am trying to extract some information from Active Directory about a domain computer. Please kindly assist me.
I have a domain Windows 10 computer. I would like to use powershell cmdlet to find out who has last logged in to that computer as a domain user or the recent user that has logged into that particular computer. I did google search and found the following cmdlet but it is giving an error-
Cmdlet: Get-UserLogon -Computer comp45456
error: the term get-userlogon is not recognised as the the name of a cmdlet, function, script--------
I am using this cmdlet on my Windows 10 computer with powershell version 5.1 and has access to Active directory users and computers.
There is no such cmdlet built in. You will have to write it yourself or search for something suitable in the PowershellGallery or TechnetGallery or whatever. Probably it would be helpful to learn more about Windows system in general. The information you’re after is contained in the event log of the computer.
Don’t believe in handing someone an answer so I will just say if you use Get-Eventlog and the event ID (instance ID) I think its 4624 you should be able to get what you need fairly easily. Use where to filter out for the name your looking for.
I agree with Olaf. You should look into understanding the windows OS and it’s components. By learning the OS, you’ll be able to better understand what you’ll need to do to achieve the outcome you’ve been task to do and it will help you with support the scripts you write. I recommend using a third party logging application in the meantime so you don’t have to worry about the support of it and leave that on the vendor. You could even consider using SCOM to collect event IDs of logged on users and query SCOM for a report of last logged on user.
[quote quote=188752]There is no such cmdlet built in. You will have to write it yourself or search for something suitable in the PowershellGallery or TechnetGallery or whatever. Probably it would be helpful to learn more about Windows system in general. The information you’re after is contained in the event log of the computer.
[/quote]
Thank you Olaf for the links to important resources for learning. I already wasted couple of hours trying to find out such cmdlet when there is no such one. I am at the moment just using basic cmdlet as a starter. I don’t know about scripting.
I agree with Olaf. You should look into understanding the windows OS and it’s components. By learning the OS, you’ll be able to better understand what you’ll need to do to achieve the outcome you’ve been task to do and it will help you with support the scripts you write. I recommend using a third party logging application in the meantime so you don’t have to worry about the support of it and leave that on the vendor. You could even consider using SCOM to collect event IDs of logged on users and query SCOM for a report of last logged on user.
[/quote]
Thank you BenT! This computer is a domain computer and it is has been idle for couple of months in AD ( confirmed from connectwise tool) and located in different branch office. I don’t have physical access to look at event log. I just can confirm that I need to learn more about PowerShell scripting to find the necessary information as I require.
You don’t need to have physical access to query the event log of a remote computer. Please read the complete help for Get-WinEvent I linked above including the examples to learn how to use it.