none
script to list all users in ACTIVE Directory with user ID and date of last logon

    Question


  • Hi Guys,

    I am looking for a script which will list all users in ACTIVE Directory with user ID and date of last logon

    Thanks,

    Alex

    Alex

    Sunday, May 20, 2012 11:18 AM

Answers

  • hi Alex,

    if you need a script that works on all Domaincontrollers nevertheless what operatingsystem they run try this code:

    $RootDSE=[ADSI]"LDAP://rootDSE"
    $obj="LDAP://"+$rootDSE.Defaultnamingcontext
    $domain=New-Object System.DirectoryServices.DirectoryEntry($obj)
    
    $searcher=new-object system.DirectoryServices.DirectorySearcher
    $searcher.searchroot=$Domain
    $searcher.Filter="(objectclass=user)"
    $searcher.pagesize=1
    $searcher.searchscope="subtree"
    $proplist="samaccountname","lastlogon"
    foreach ($i in $proplist) {$searcher.propertiesToLoad.add($i)}
    $results = $searcher.FindAll()
    
    foreach ($i in $results) {
    write-host $i.properties.samaccountname $([datetime]::fromFileTime([int64](($i.properties.lastlogon)[0])))
    }
    
    

    Kind regards

      Thomas


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Sunday, May 20, 2012 1:14 PM
  • I have an example PowerShell script, PSLastLogon.ps1, to retrieve the lastLogon date for all users in the domain linked here:

    http://www.rlmueller.net/Last%20Logon.htm

    Also on the page is a link to PSLastLogon2.ps1, which uses the AD modules for the same purpose. Both scripts document the distinguished names and lastLogon dates for the users. If instead you want the "pre-Windows 2000 logon" names, you must modify the final loop where the hash table is enumerated as follow:

    # Output latest last logon date for each user.
    $Users = $arrUsers.Keys
    ForEach ($DN In $Users)
    {
        $Date = $arrUsers["$DN"]
        $User = [ADSI]"LDAP://$DN"
        $Name = $User.sAMAccountName
        "$Name;$Date"
    }

    -----

    This will be considerably slower, as it requires binding to every user object in AD. If this is a concern, the script will be faster (but more complicated) if you use the NameTranslate object to convert the distinguishedNames into sAMAccountNames. Reply if you need this.

    Also, if lastLogonTimeStamp meets your needs (accurate to within 14 days), a script to retrieve this would be much simpler, since the attribute is replicated so you only need one query (one DC). A PowerShell V2 script using the AD modules to retrieve lastLogonTimeStamp could be similar to (one line):

    Get-ADUser -filter * -SearchBase 'ou=Offices,DC=contoso,DC=com' -Properties LastLogonTimeStamp | Select sAmAccountName,@{label="LastLogonTimeStamp";Expression={if($_.LastLogonTimeStamp){[datetime]::FromFileTime([Int64]$_.LastLogonTimeStamp)} Else {"Never"}}}

    -----



    Richard Mueller - MVP Directory Services


    Sunday, May 20, 2012 7:16 PM

All replies

  • Hi Guys,

    I am looking for a script which will list all users in ACTIVE Directory with user ID and date of last logon .

    Thanks,

    Alex


    Alex

    Sunday, May 20, 2012 10:16 AM
  • Get-ADUser -Filter * -Properties lastLogontimeStamp,EmployeeID | select *,@{n="LastLogon";e={[datetime]::FromFileTime($_.lastLogontimeStamp)}}

    LastLogonTimeStamp Attribute - “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
    • Edited by KazunMVP Sunday, May 20, 2012 10:29 AM
    • Proposed as answer by Peddy1st Sunday, May 20, 2012 12:44 PM
    Sunday, May 20, 2012 10:28 AM
  • Hi Guys,

    I am looking for a script which will list all users in ACTIVE Directory with user ID and date of last logon

    Thanks,

    Alex

    Alex

    Sunday, May 20, 2012 10:48 AM
  • Hi Kazan,

    this script is only working on Windows Server 2008R2 and is using the Active Directory module "ActiveDirectory" which you have to import first using import-module -name Active Directory.


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Sunday, May 20, 2012 12:45 PM
  • you have posted your question more than once the answerr you will find here:

    http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/b9f0dae5-1e8b-49ca-845b-f2b49f69eca3


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Sunday, May 20, 2012 12:49 PM
  • hi Alex,

    if you need a script that works on all Domaincontrollers nevertheless what operatingsystem they run try this code:

    $RootDSE=[ADSI]"LDAP://rootDSE"
    $obj="LDAP://"+$rootDSE.Defaultnamingcontext
    $domain=New-Object System.DirectoryServices.DirectoryEntry($obj)
    
    $searcher=new-object system.DirectoryServices.DirectorySearcher
    $searcher.searchroot=$Domain
    $searcher.Filter="(objectclass=user)"
    $searcher.pagesize=1
    $searcher.searchscope="subtree"
    $proplist="samaccountname","lastlogon"
    foreach ($i in $proplist) {$searcher.propertiesToLoad.add($i)}
    $results = $searcher.FindAll()
    
    foreach ($i in $results) {
    write-host $i.properties.samaccountname $([datetime]::fromFileTime([int64](($i.properties.lastlogon)[0])))
    }
    
    

    Kind regards

      Thomas


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Sunday, May 20, 2012 1:14 PM
  • I have an example PowerShell script, PSLastLogon.ps1, to retrieve the lastLogon date for all users in the domain linked here:

    http://www.rlmueller.net/Last%20Logon.htm

    Also on the page is a link to PSLastLogon2.ps1, which uses the AD modules for the same purpose. Both scripts document the distinguished names and lastLogon dates for the users. If instead you want the "pre-Windows 2000 logon" names, you must modify the final loop where the hash table is enumerated as follow:

    # Output latest last logon date for each user.
    $Users = $arrUsers.Keys
    ForEach ($DN In $Users)
    {
        $Date = $arrUsers["$DN"]
        $User = [ADSI]"LDAP://$DN"
        $Name = $User.sAMAccountName
        "$Name;$Date"
    }

    -----

    This will be considerably slower, as it requires binding to every user object in AD. If this is a concern, the script will be faster (but more complicated) if you use the NameTranslate object to convert the distinguishedNames into sAMAccountNames. Reply if you need this.

    Also, if lastLogonTimeStamp meets your needs (accurate to within 14 days), a script to retrieve this would be much simpler, since the attribute is replicated so you only need one query (one DC). A PowerShell V2 script using the AD modules to retrieve lastLogonTimeStamp could be similar to (one line):

    Get-ADUser -filter * -SearchBase 'ou=Offices,DC=contoso,DC=com' -Properties LastLogonTimeStamp | Select sAmAccountName,@{label="LastLogonTimeStamp";Expression={if($_.LastLogonTimeStamp){[datetime]::FromFileTime([Int64]$_.LastLogonTimeStamp)} Else {"Never"}}}

    -----



    Richard Mueller - MVP Directory Services


    Sunday, May 20, 2012 7:16 PM
  • hi Alex,

    any updates? Is the script working?

    If so, it would be nice if you mark your question accordingly because this may hep others who have got the same or a similar question.

    Kind reegards

      Thomas


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com

    Monday, May 21, 2012 5:26 PM