Active Directory

Detecting Last Logon Time with PowerShell

Detecting Last Logon Time with PowerShell

In Windows Server 2003 Microsoft introduced the lastLogontimeStamp attribute. Administrators can use the lastLogontimeStamp attribute to determine if a user or computer account has recently logged onto the domain. Using this information administrators can then review the accounts identified and determine if they are still needed and take appropriate action.

AD stores a user’s last logon time in the Last-Logon user object attribute. Like the logging of account logon events, The last logon time is updated only in the AD instance of the domain controller (DC) that actually authenticated the user and is not replicated.The authentication process is totally depend upon on your AD design. How we can redirect the users to particular domain controller for authentication.

Information about user’s last logon date in Active Directory may be very helpful in detecting inactive accounts. Knowing that IT admins can prevent unauthorized attempts to log in to IT systems thus minimizing risk of a security breach by disabling accounts not used.

Every time a user logs on, the logon time is stamped into the “Last-Logon-Timestamp” attribute by the domain controller.

Last logon time reports are essential to understanding what your users are doing

Detecting Last Logon Time with PowerShell

Start Windows PowerShell through the Start Menu or by using “Run”. You can also type “PowerShell” in the Start Menu search and press “Enter”.

Copy and run the following script to generate last logon reports on the command screen:

$Path = ‘C:\Temp\LastLogon.csv’
Get-ADUser -Filter {enabled -eq $true} -Properties LastLogonTimeStamp |

Select-Object Name,@{Name=”Stamp”; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString(‘yyyy-MM-dd_hh:mm:ss’)}} | Export-Csv -Path $Path –notypeinformation

Last Logon Script

Once script executed output file will store in Temp folder under C drive or you can also change the output file as per your requirement.

Last logon Script Output

Go to C\Temp folder and Open the CSV file-

Last Logon for enabled users

You can also check the last logon time for particular user as well by attribute editor.

Last Logon of Mark user

This is how we can get the last logon time stamp for all enabled users in csv format as well checked for particular user via attribute editor.

So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!

Recommended content

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Group Policy Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

What is Netlogon Folder in Active Directory

How to Create Custom Attributes in Active Directory

How Can I Check the Tombstone Lifetime of My Active Directory Forest

How to Determine a Computers AD Site From the Command Line

How to Check the Active Directory Database Integrity

How to Check the Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

What is Strict Replication Consistency

The replication operation failed because of a schema mismatch between the servers involved

Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers

How to export replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post. You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno
Back to top button