Here is a quick PowerShell script to help you query the last logon time for all of your users across all of your domain controllers. It will also save the output to a .csv file specified in the $exportFilePath string.
I was surprised not to find many examples of this across the web already. Either not many people have multiple DC’s necessitating this or they have another more “enterprise” way of achieving the same results. Or, I’m just missing something really obvious! Either way, it was a fun script to throw together, and I hope it saves you some time in your quest to clean up AD.
Import-Module ActiveDirectory
function Get-ADUsersLastLogon()
{
$dcs = Get-ADDomainController -Filter {Name -like "*"}
$users = Get-ADUser -Filter *
$time = 0
$exportFilePath = "c:\lastLogon.csv"
$columns = "name,username,datetime"
Out-File -filepath $exportFilePath -force -InputObject $columns
foreach($user in $users)
{
foreach($dc in $dcs)
{
$hostname = $dc.HostName
$currentUser = Get-ADUser $user.SamAccountName | Get-ADObject -Server $hostname -Properties lastLogon
if($currentUser.LastLogon -gt $time)
{
$time = $currentUser.LastLogon
}
}
$dt = [DateTime]::FromFileTime($time)
$row = $user.Name+","+$user.SamAccountName+","+$dt
Out-File -filepath $exportFilePath -append -noclobber -InputObject $row
$time = 0
}
}
Get-ADUsersLastLogon
Got a project that needs expert IT support?
From Linux and Microsoft Server to VMware, networking, and more, our team at CR Tech is here to help.
Get personalized support today and ensure your systems are running at peak performance or make sure that your project turns out to be a successful one!
CONTACT US NOW