none
Powershell compare NET command for last logon info RRS feed

  • Question

  • In a Active Directory domain if you run

    net user 'user_name' /domain | findstr /C:"Password expires"

    and if you run a Powershell script

    $Path = 'C:\Temp\LastLogon.csv'
    Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp |
    Select-Object Name,@{Name="Stamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_hh:mm:ss')}} | Export-Csv -Path $Path –notypeinformation

    You get two different time stamps.

    In this particular comparison the NET USER returns the latest logon attempt for a user and the PowerShell script returns an older date for the last logon (i.e Stamp).

    Can you help me understand why the difference in the reported date/time?

    Thanks,

    Thursday, May 21, 2020 4:14 PM

All replies

  • That is because the "LastLogon" and the "LastLogonTimeStamp" are two different things.  Use you search engine to fin articles that explain this.  There are hundreds.

    Your NET USER command is not returning the last logon it is returning the password expiration.

    net user 'user_name' /domain | findstr /C:"Password expires"


    \_(ツ)_/

    Thursday, May 21, 2020 4:23 PM
  • the find string command was from a script I already use for that specific information. My apologies.

    The NET USER user_name /domain without the findstr does list "last logon" in its list of information

    From my search on "last logon" using PowerShell that was the script that came up in the search.

    I assume the $._lastLogonTimeStamp would return the same value.

    Seems like a logical assumption.

    I want bother you again for assistance. If you only response is go find it elsewhere.

    Have a Nice Day.

    Thursday, May 21, 2020 11:56 PM
  • You cannot copy things from anywhere on the Internet without understanding the technology. I suggest taking soem time to learn Active Directory and how it works.  There are many PowerShell scripts that will get "LstLogonDate".  The "Net User" will not get you this.

    Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonDate

    This command will get what you seek.  There is no need for an y conversions or any other commands.  Just run teh command.

    Again - take some time to learn about Active Directory.  It will save you a lot of wasted time.


    \_(ツ)_/

    Friday, May 22, 2020 1:35 AM