Get User Last Login from Windows
-
You have to be using PowerShell 5.1 and up.
-
Never needed this information before but I will add it to my list of one-liners to use if I ever need to.
-
@dustinb3403 said in Get User Last Login from Windows:
@nerdydad
Get-ADUser -Identity “username” -Properties “LastLogonDate”Not using AD here.
-
@scottalanmiller We use this script to check user activities as we're not always updated when users are gone in high churn environments among other uses:
Mohamed Garrana's script here:
https://social.technet.microsoft.com/Forums/en-US/216fe6ec-84de-4516-9110-12cc0a7ea9b0/is-there-a-way-to-add-the-last-login-timedate-in-ad-to-an-excel-columnEDIT: Just saw the lack of AD. Peer-to-peer makes this a challenge.
-
On a domain, it is kinda of hard to get the accurate logon date if you have multiple DCs and the attribute syncs randomly as users connect through Different DCs in that same manner even if you had only one DNS Server setup.
-
@dbeato said in Get User Last Login from Windows:
On a domain, it is kinda of hard to get the accurate logon date if you have multiple DCs and the attribute syncs randomly as users connect through Different DCs in that same manner even if you had only one DNS Server setup.
Yeah, kind of a huge weakness in AD. The kind of info you'd like to have be clear, concise, easily at hand, and very accurate is something AD actually breaks and makes extremely difficult (and/or costly) to provide.
-
@dbeato said in Get User Last Login from Windows:
On a domain, it is kinda of hard to get the accurate logon date if you have multiple DCs and the attribute syncs randomly as users connect through Different DCs in that same manner even if you had only one DNS Server setup.
Any way of combining Get-ADComputer and Get-ADUser to improve the accuracy?
-
@black3dynamite said in Get User Last Login from Windows:
@dbeato said in Get User Last Login from Windows:
On a domain, it is kinda of hard to get the accurate logon date if you have multiple DCs and the attribute syncs randomly as users connect through Different DCs in that same manner even if you had only one DNS Server setup.
Any way of combining Get-ADComputer and Get-ADUser to improve the accuracy?
Lots of scripting
-
@dbeato said in Get User Last Login from Windows:
On a domain, it is kinda of hard to get the accurate logon date if you have multiple DCs and the attribute syncs randomly as users connect through Different DCs in that same manner even if you had only one DNS Server setup.
If there are several sites then one can run the poll against the local DC by running the script there.
It should be able to be tweaked to poll all DCs in the forest if need be. I've not had a need to.
In the same domain where replication is not delimited by WAN Link timing the results should be pretty accurate no matter the DC count.
-
Via the ActiveDir list:
https://github.com/CarlWebster
There are some amazing scripts in there for ADDS but also for XenApp, NetScaler, Citrix, and others.
Site: https://carlwebster.com/downloads/download-info/active-directory-2/
