Powershell Get-ADUser Question

  • Question

  • I need to get the properties lastLogon and pwdLastSet from a user's AD account.

    I have tried:

    Get-ADUser -Identity username -Properties lastLogon,pwdLastSet

    This gives me output, but it gives me more than what I want. When I tried running it through Select, like:

    Get-ADUser -Identity username -Properties lastLogon,pwdLastSet | Select -Property lastLogon,pwdLastSet

    This gives me closer to what I want, but I want the integers to be human-readable dates and times. I would also like the formatting to be more like the output of the first command, or to format the output in a list or table. How can I do this?

    • Edited by mhartkem Wednesday, February 7, 2018 4:05 PM removed repeat code
    Wednesday, February 7, 2018 4:03 PM

Answers

  • Retrieve the LastLogonDate PowerShell property, which converts the Large Integer value of the lastLogonTimestamp attribute into the friendly format in the local time zone that you want.

    Note: The lastLogon attribute is not replicated. Every DC will have a different value for each user, reflecting when the user last authenticated to that DC. The lastLogonTimestamp attribute (and thus the LastLogonDate property) is replicated to all DCs, but is only updated during logon if the old value is more than 14 days in the past (by default). This is satisfactory for most uses, as it reveals inactive accounts.

    Similarly, retrieve the PasswordLastSet PowerShell property, which converts the value of the pwdLastSet attribute into the friendly format in the local time zone.

    Edit: Per my suggestions, the PowerShell command would be:

    Get-ADUser -Identity username -Properties LastLogonDate, PasswordLastSet | Select LastLogonDate, PasswordLastSet

    The Select cmdlet does not require the -Property parameter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)




    • Edited by Richard MuellerMVP Wednesday, February 7, 2018 7:13 PM clarify
    • Proposed as answer by jrv Wednesday, February 7, 2018 8:11 PM
    • Marked as answer by mhartkem Thursday, February 8, 2018 11:53 AM
    Wednesday, February 7, 2018 5:45 PM

All replies

  • Try this:

    [DateTime]$LastLogon = (Get-ADUser -Identity username).lastLogon
    [DateTime]$PwdLastSet = (Get-ADUser -Identity username).passwordLastSet
    
    $LastLogon
    $PwdLastSet


    Wednesday, February 7, 2018 6:24 PM
  • Thanks, everyone.
    Thursday, February 8, 2018 11:55 AM
  • Please mark the accepted response, if it helped. Thanks.
    Thursday, February 8, 2018 12:12 PM
  • Try this:

    [DateTime]$LastLogon = (Get-ADUser -Identity username).lastLogon
    [DateTime]$PwdLastSet = (Get-ADUser -Identity username).pwdLastSet
    
    $LastLogon
    $PwdLastSet

    When I try this, I get the error: "Cannot convert null to type "System.DateTime"."

    Saturday, February 10, 2018 6:05 PM
  • You have a null value in either the lastLogon or PasswordLastSet property. You can elaborate on that, for example:

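    # lastLogon and PasswordLastSet are not in the default property set, so request them
    $User = Get-ADUser -Identity username -Properties lastLogon, PasswordLastSet
    
    If ($User.lastLogon) {
      # lastLogon is a FILETIME integer; convert it instead of casting to [DateTime]
      $LastLogon = [DateTime]::FromFileTime($User.lastLogon)
    }
    else {
      $LastLogon = "N/A"
    }
    
    If ($User.PasswordLastSet) {
      # PasswordLastSet is already a DateTime; no type constraint, so "N/A" stays assignable
      $PwdLastSet = $User.PasswordLastSet
    }
    else {
      $PwdLastSet = "N/A"
    }
    
    Write-Host "Last Logon date for user $($User.Name): $LastLogon"
    Write-Host "Password last set for user $($User.Name): $PwdLastSet"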

    Sunday, February 11, 2018 11:02 AM
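
Because lastLogon is stored separately on each DC, an exact last-logon time means asking every DC and keeping the newest value, while treating empty or zero values as "never". The following is an added example, not code from any participant in this thread; the function names ConvertFrom-AdFileTime and Get-LatestLogon are hypothetical, and it assumes the ActiveDirectory module and read access to every domain controller.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function ConvertFrom-AdFileTime {
    # lastLogon / pwdLastSet are FILETIME integers (100 ns ticks since 1601-01-01 UTC).
    # 0 or $null means "never", so return $null instead of a bogus date.
    param([Nullable[long]]$Value)
    if (-not $Value -or $Value -le 0) { return $null }
    [DateTime]::FromFileTime($Value)   # converted to local time
}

function Get-LatestLogon {
    param([Parameter(Mandatory)][string]$Identity)

    $latest = 0L; $sourceDc = $null; $user = $null
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                 -Properties lastLogon, LastLogonDate, PasswordLastSet -ErrorAction Stop
        } catch {
            # An unreachable DC must not abort the sweep, but the gap should be visible.
            Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        $user = $u
        # $null -gt 0 is $false, so DCs that never saw this user are ignored.
        if ($u.lastLogon -gt $latest) { $latest = $u.lastLogon; $sourceDc = $dc.HostName }
    }
    if (-not $user) { throw "No domain controller returned '$Identity'." }

    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        LastLogon       = ConvertFrom-AdFileTime $latest   # newest per-DC value
        LastLogonDC     = $sourceDc
        LastLogonDate   = $user.LastLogonDate              # replicated, may lag ~14 days
        PasswordLastSet = $user.PasswordLastSet            # replicated, already a DateTime
    }
}

# Conversion on its own, using a constructed FILETIME value (not from a real account):
ConvertFrom-AdFileTime 131625387000000000

# 'username' is the placeholder used throughout this thread.
Get-LatestLogon -Identity username | Format-List
```

If any DC was skipped with a warning, the reported LastLogon is only a lower bound, which matters when the result is used to decide that an account is stale.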