Clicky

Everyone i need some help i ran a report i built to pull all the necessary ad information for users in our OU's while we are doing a re-org of our ad structure. My CTO wants a last login for all accounts. Does anyone have a script to read samaccount names from a notepad/csv file to pull last login so that i can then export that or print it to a file on my c:\ and just reorganize it?

asked 11/14/2011 12:10

arsenal22's gravatar image

arsenal22 ♦♦


6 Answers:
I'll let the powershell guys chime in on the file question

If you quickly need it adfind can do it too

http://www.joeware.net/freetools/tools/adfind/index.htm

adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname lastlogontimestamp -tdc -csv -nodn > c:\CTOReport.csv

Thanks

Mike

link

answered

mkline71's gravatar image

mkline71

If you have the quest active roles setup:

get-qaduser -enabled | select samaccountname,lastlogon | export-csv <filename>
Will export the username and last logon time for each user in AD to a csv.

If you have Windows 2008 R2, you can use the native AD Powershell, you can do it with some modifications. Unfortunately, the native cmdlets don't format the time stamp from LDAP to human readable for you with the Native AD cmdlets, so I recommend using the quest cmdlets (Makes things a lot easier).
If your manager wants the lastlogon for all users, this is the easiest way to get it. You wouldn't need to read a CSV in to get it done.
link

answered 2011-11-14 at 08:14:21

acbrown2010's gravatar image

acbrown2010

OK, so I would provide Quest PS script for that. Create CSV file with column named "login" and put there all sAMAccountNames, save on C-Drive as users.csv

Then use this syntax

Import-CSV c:\users.csv | %{ Get-QADUser $_.login | Select sAMAccountName,givenName,sn,lastLogonTimestamp } | Export-CSV c:\logon.csv

Regards,
Krzysztof
link

answered 2011-11-14 at 09:47:18

iSiek's gravatar image

iSiek

That worked great but the problem is the last logon,lastlogintimestamp, and lastlogondate all returned with no values.  

Import-CSV "c:\temp\employee.csv" | %{ Get-ADUser -identity $_.login -Properties *} | Select-object SamAccountName,givenName,lastLogon,LastLogonDate | Export-CSV "c:\temp\output2.csv"

HELP
link

answered 2011-11-14 at 12:16:46

arsenal22's gravatar image

arsenal22

Hi Arsenal22,

What is the functional level of your domain? 

If the functional level is less than Windows 2003 then lastlogontimestamp will be blank.  The lastlogon attribute (different to lastlogontimestamp) is available at all functional levels, but isn't replicated between domain controllers so will only show the last time a user authenticated on the specific DC you are querying against.  The reason for this is to prevent excessive replication traffic (see here: http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx)

If your domain's functional level is below windows 2003 and you don't have too many domain controllers it may be feasible to write a script that will query the lastlogon attributes from all the DCs and find the most recent value for each user. Let me know if you would like me to do this.

Cheers,

D
link

answered 2011-11-15 at 10:00:01

dicconb's gravatar image

dicconb

Hi, great that it works for  you. But you should not use lastLogon attribute because it is not replicated between DCs and I also do not know that LastLogonDate attribute

Please use lastLogonTimestamp attribute which is replicated between DCs

but as I can see, you are using Windows PS. I will check this in my test environment and will let you know later

Krzysztof
link

answered 2011-11-15 at 16:25:04

iSiek's gravatar image

iSiek

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×25

Asked: 11/14/2011 12:10

Seen: 175 times

Last updated: 12/12/2011 01:07