none
Query AD for Users Logon and logoff filtered by a Date Range

    Question

  • Hi,

    Can anyone help me to query the AD for users who logon and logoff during a span of 1 week or 1 month?

    Thanks


    Anthony JD Luistro

    Wednesday, November 11, 2015 12:20 PM

Answers

  • You can use powershell to check the last logon date from AD.  This is an example for one, I pulled out of more complex script but should give a general idea.

    $date = Get-Date -Format yyyyMMddhhmmss
    $logonDate = Get-Date
    $logonDate = $logonDate.AddMonths(-12)
    $ou = "DC=testdomain,DC=com"
    $users = Get-ADUser -Filter {(lastlogondate -lt $logonDate -or -not(lastlogondate -like "*")) -and (enabled -eq $false)} `
                -SearchBase $ou -Properties name,givenName,sn,sAMAccountName,distinguishedName,lastLogonDate,enabled
    foreach ($user in $users)
    {
    Write-Host $user.Name
    }

    BUT, if you want logon and logoff, you will probably need to capture and parse the security event logs on all domain controllers. Active Directory will not tell you when a user/computer logs off.

    Also, may have better response in the Directory Services forum or the PowerShell forum.  This is the Group Policy forum.

    Wednesday, November 11, 2015 2:44 PM

All replies

  • You can use powershell to check the last logon date from AD.  This is an example for one, I pulled out of more complex script but should give a general idea.

    $date = Get-Date -Format yyyyMMddhhmmss
    $logonDate = Get-Date
    $logonDate = $logonDate.AddMonths(-12)
    $ou = "DC=testdomain,DC=com"
    $users = Get-ADUser -Filter {(lastlogondate -lt $logonDate -or -not(lastlogondate -like "*")) -and (enabled -eq $false)} `
                -SearchBase $ou -Properties name,givenName,sn,sAMAccountName,distinguishedName,lastLogonDate,enabled
    foreach ($user in $users)
    {
    Write-Host $user.Name
    }

    BUT, if you want logon and logoff, you will probably need to capture and parse the security event logs on all domain controllers. Active Directory will not tell you when a user/computer logs off.

    Also, may have better response in the Directory Services forum or the PowerShell forum.  This is the Group Policy forum.

    Wednesday, November 11, 2015 2:44 PM
  • Hi,
     
    Just checking in to see if above information was helpful. Please let us know if you would like further assistance.
     
    Thanks,
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Friday, November 13, 2015 9:43 AM
    Moderator
  • Hi,
     
    I'm marking the reply as answer as there has been no update for a couple of days.
     
    If you come back to find it doesn't work for you, please reply to us and unmark the answer.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, November 17, 2015 1:35 AM
    Moderator