• Get-AllUserLastLogon

    Help Information

    SYNOPSIS
    Gets the last logon time for User accounts and exports to a CSV file.

    DESCRIPTION
    This script will query Domain Controllers to find the last logon time for User accounts in the domain.

    NOTES
    Requires Quest AD Cmdlets

    Source: http://www.clintmcguire.com/
    Author: Clint McGuire
    Version 1.1
    Copyrigth 2011,2013

    LINK
    http://www.clintmcguire.com/get-alluserlastlogon/

    EXAMPLES
    PS> Get-AllUserLastLogon

    Version History

    1.1 Added Comment-based help

    1.0 Initial Release

    Latest Version

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    
    <#
    .SYNOPSIS
    Gets the last logon time for User accounts and exports to a CSV file.
     
    .DESCRIPTION
    This script will query Domain Controllers to find the last logon time for User accounts in the domain.
     
    .NOTES
    Requires Quest AD Cmdlets
     
    Source: http://clintmcguire.com
    Author: Clint McGuire
    Version 1.1
    Copyrigth 2011,2013
     
    .LINK
    http://www.clintmcguire.com/get-alluserlastlogon/
     
    .EXAMPLES
    PS> Get-AllUserLastLogon
     
    #>
    $DCs = get-qadcomputer -ComputerRole DomainController
    $LastLogon = @{}
    ForEach ($DC in $DCs) {
        $Users = Get-QADUser -Service $dc.dnshostname -Enabled
        ForEach ($User in $Users) 
        {
            If ($User.LastLogon -ne $null)
            {   
                $Time = $User.LastLogon | Get-Date -Format u
            }
            Else
            {
                $Time = $User.LastLogon
            }
            $UserName = $User.DisplayName
            if ($LastLogon.ContainsKey($UserName))
            {
                    if ($LastLogon.Get_Item($UserName) -le $Time) {
                    $LastLogon.Set_Item($UserName, $Time)
                }
            }
            else{
                $LastLogon.Add($UserName, $Time)
            }
        }
    }
    $LastLogon.GetEnumerator() | Sort-Object Name |export-csv $home\AllADUserLastLogon.csv -NoTypeInformation
    <#
    .SYNOPSIS
    Gets the last logon time for User accounts and exports to a CSV file.
    
    .DESCRIPTION
    This script will query Domain Controllers to find the last logon time for User accounts in the domain.
    
    .NOTES
    Requires Quest AD Cmdlets
    
    Source: http://clintmcguire.com
    Author: Clint McGuire
    Version 1.1
    Copyrigth 2011,2013
    
    .LINK
    http://www.clintmcguire.com/get-alluserlastlogon/
    
    .EXAMPLES
    PS> Get-AllUserLastLogon
    
    #>
    $DCs = get-qadcomputer -ComputerRole DomainController
    $LastLogon = @{}
    ForEach ($DC in $DCs) {
    	$Users = Get-QADUser -Service $dc.dnshostname -Enabled
    	ForEach ($User in $Users) 
    	{
    		If ($User.LastLogon -ne $null)
    		{	
    			$Time = $User.LastLogon | Get-Date -Format u
    		}
    		Else
    		{
    			$Time = $User.LastLogon
    		}
    		$UserName = $User.DisplayName
    		if ($LastLogon.ContainsKey($UserName))
    		{
    				if ($LastLogon.Get_Item($UserName) -le $Time) {
    				$LastLogon.Set_Item($UserName, $Time)
    			}
    		}
    		else{
    			$LastLogon.Add($UserName, $Time)
    		}
    	}
    }
    $LastLogon.GetEnumerator() | Sort-Object Name |export-csv $home\AllADUserLastLogon.csv -NoTypeInformation

    To Dos

    Add Source option for selecting which OU to get Users from for last logon times for.

    Add registration of Quest Snapin to script.

    Add options for making choices about DCs to run script against.

    Add parameters for Output and/or filename

    Make CSV output only 2 columns

    Replace blank last logon times with “No Last Logon”

    8 Responses to Get-AllUserLastLogon

    1. Bryan
      2013/11/04 at 12:08 PM

      This seems to take FOREVER to run for me…

      • Clint
        2013/11/04 at 12:32 PM

        How many DCs in your environment?
        How many sites?

        If you have a big environment you might need to be more specific about what is targeted…

    2. Jeff Stepputtis
      2014/01/02 at 2:04 PM

      Clint will this list the users of the local domain or list the users of all the domains in your environment? If I run the script on a specific domain will it return only that domains information? Thanks

      • Clint
        2014/02/19 at 9:15 AM

        It will run against the domain the machine is a member of.

    3. 2016/01/27 at 1:02 PM

      Clint what if I wanted to add the Department field?

      • Clint
        2016/01/27 at 1:20 PM

        Hi Mark,

        Interesting question…

        I will think about this and get back to you.

    4. Mark Cooper
      2016/01/27 at 5:22 PM

      Clint I probably should have explained my reason. We have multiple people with the same name so sometimes knowing which one is which on the report.

      • Clint
        2016/03/10 at 12:18 PM

        To follow up from our email conversation, I think you can resolve this by switching line 37 from $UserName = $User.DisplayName to $UserName = $User.SAMAccountName
        Since the SAM Account Name is unique, this should work.
        Let me know if you have more questions.

    Leave a Reply

    Your email address will not be published. Required fields are marked *