none
Real logon attribute using powerhsell

    Question

  • Hi 

    I need to get all users real logon details from the DCs. I am using below command but this command giving me lots of output of each DC and date time.. which  is time consuming for  me to filter. Is it possible to get any PS script using below method and get latest logon time and DC name with user name?

    repadmin /showattr * "DC=Domain,DC=COM" /subtree /filter:”(&(objectCategory=Person)(objectClass=user))” /attrs:lastLogontimeStamp >lastLogontimeStamp.txt

    Thursday, November 1, 2018 7:48 PM

Answers

  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    • Marked as answer by Mr. Raj Thursday, December 6, 2018 3:48 PM
    Tuesday, November 27, 2018 1:58 AM
    Moderator

All replies

  • The command is not a PS command.  For AD utilities post in AD forum.

    To get user accounts in PowerShell:

    Get-AdUser -FIlter * -Properties LastLogonDate | select name, LastLogonDate


    \_(ツ)_/

    Thursday, November 1, 2018 8:12 PM
    Moderator
  • Thanks JRV

    But using PS.. how can we get realtime logon attribute value.

    Thursday, November 8, 2018 2:24 PM
  • Thanks JRV

    But using PS.. how can we get realtime logon attribute value.

    Thursday, November 8, 2018 2:33 PM
  • Search for blogs that explain the many ways to track logons.  The LastLogonDate is the real logon.  It is not a fake and it is not a trick.

    You first need to define what "real logon" means then search for that in order to find solutions.


    \_(ツ)_/

    Thursday, November 8, 2018 2:37 PM
    Moderator
  • The LastLogonDate property is the value of the lastLogonTimestamp attribute converted into a datetime value in the local time zone. It is updated at logon if the old value is more than 14 days in the past, and then replicated to all DCs in the domain. This meets the needs of most admins. It identifies unused accounts.

    The lastLogon attribute is updated at logon, but only on the DC that authenticates the user. The value is not replicated. To determine the actual last logon (almost never needed), you must query every DC in the domain. I have used the following:

    Get-ADDomainController -Filter * | ForEach {
        $Server = $_.Name
        $User = Get-ADUser -Identity jsmith `
            -Properties lastLogon -Server $($Server)
        # the Parse method converts the string representation of a number
        # into the 32-bit signed integer equivalent.
        $T = [Int64]::Parse($($User.lastLogon))
        $D = [DateTime]::FromFileTime($T)
        "$Server, $D"
    }
    

    For all users you would use "-Filter *" in place of "-Identity jsmith" (where jsmith is the sAMAccountName), plus output the sAMAccountName of the user on each line.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by BOfH_666 Thursday, November 8, 2018 3:00 PM
    Thursday, November 8, 2018 2:52 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Friday, November 9, 2018 8:14 AM
    Moderator
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    • Marked as answer by Mr. Raj Thursday, December 6, 2018 3:48 PM
    Tuesday, November 27, 2018 1:58 AM
    Moderator
  • Thanks LeeSeenLI

    You are amazing...

    Thursday, December 6, 2018 3:49 PM