locked
Script to pick an individual machine and see the last time someone logged into the domain with it RRS feed

  • Question

  • Hi all,

    I've googled and looked around a few forums for an answer to this and can't find what I'm looking for.   This is probably the closest thing I've found:

    https://gallery.technet.microsoft.com/scriptcenter/Get-Inactive-Computer-in-54feafde

    Problems with this script are:

    I don't care who logged in to the machine last.

    I don't care about any other machines but the one I happen to need at this time.

    Anybody have a way to limit the results to a certain machine instead of gathering all the machines on the network?


    Thanks!


    Monday, October 13, 2014 3:05 PM

Answers

  • You could do something like this - 


    Get-ADComputer <yourmachine> -Properties LastLogontimeStamp | Select LastLogonTimeStamp | % {[datetime]::FromFileTime($_.LastLogonTimeStamp)}
    

    It's not 100% accurate but it shou.ld be good enough if you're just trying to identify stale accounts.

    • Proposed as answer by Mike Laughlin Monday, October 13, 2014 3:28 PM
    • Marked as answer by loadedmod Monday, October 13, 2014 4:52 PM
    Monday, October 13, 2014 3:18 PM

All replies

  • You could do something like this - 


    Get-ADComputer <yourmachine> -Properties LastLogontimeStamp | Select LastLogonTimeStamp | % {[datetime]::FromFileTime($_.LastLogonTimeStamp)}
    

    It's not 100% accurate but it shou.ld be good enough if you're just trying to identify stale accounts.

    • Proposed as answer by Mike Laughlin Monday, October 13, 2014 3:28 PM
    • Marked as answer by loadedmod Monday, October 13, 2014 4:52 PM
    Monday, October 13, 2014 3:18 PM
  • You could do something like this -

    <snip>

    I'd change that slightly, you can use the LastLogonDate property and skip the conversion:


    Get-ADComputer COMPUTERNAME -Properties LastLogonDate | Select Name,LastLogonDate


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Monday, October 13, 2014 3:28 PM
  • Haha, I have to admit I didn't notice/know that they showed the same value!
    Monday, October 13, 2014 3:41 PM
  • The lastLogonTimestamp for a computer object tells when the computer last logged onto the domain, not when a user last logged onto the computer.


    -- Bill Stewart [Bill_Stewart]

    Monday, October 13, 2014 3:53 PM
  • The lastLogonTimestamp for a computer object tells when the computer last logged onto the domain, not when a user last logged onto the computer.


    -- Bill Stewart [Bill_Stewart]


    I think that's really what I'm after when it's all said and done.  The above script is getting me something that is around 8 days "off" from last logged into, when I really just want the last time ANY user logged into the machine.  My fault for not wording it correctly.

    J Bonner

    Monday, October 13, 2014 4:51 PM
  • But again - lastLogonTimestamp for a computer does not refer to the date someone logged onto that machine. That timestamp refers to the last time the computer logged onto the domain. In general, lastLogonTimestamp for a computer is a good way to determine if a computer account is stale, but that isn't the same as checking whether someone has logged onto the machine.

    For example, if the computer is sitting idle and nobody logs onto it interactively (I am assuming an interactive logon is what you're talking about), the lastLogonTimestamp will still be updated periodically under various circumstances (e.g., a reboot), even if nobody logs onto it interactively.


    -- Bill Stewart [Bill_Stewart]

    Monday, October 13, 2014 8:09 PM