
PowerShell: Get Last Domain Logon with Get-ADUserLastLogon

The function covered in this blog post is part of my Active Directory Domain Services Section tool, which was published in 2018. After some time, I decided to create an explicit function for each item of my tool, for those who are not interested in using my tool, which offers much more than querying domain users' last logon. And here is item 16 of my tool: Querying AD user last logon.

Get-ADUserLastLogon

Get-ADUserLastLogon gets the last logon timestamp of an Active Directory user. The lastLogon attribute is not replicated between domain controllers, so each DC is queried separately and the most recent value across all DCs is reported.

The function has only one parameter: the user logon name (SamAccountName). The output also shows which domain controller reports the most recent logon of the user.


Get-ADUserLastLogon -UserLogonName patrick


If a non-existent user name is entered, the function terminates with the error "User not found. Check entered username."

If no domain controller has a logon on record for the user, the function displays a warning that there are no reports for that user, with the possible reason "No first login."

The function will also work in PowerShell 7 and above.


If you like it, have a look at my Download Section to download the *.ps1 file or copy the code below.

The Code


function Get-ADUserLastLogon {

    <#
    .SYNOPSIS
    Get-ADUserLastLogon gets the last logon timestamp of an Active Directory user.

    .DESCRIPTION
    Each domain controller is queried separately to calculate the last logon from all results of all DCs.

    .PARAMETER UserLogonName
    Provide the user logon name (samaccountname) of the user.

    .EXAMPLE
    Get-ADUserLastLogon -UserLogonName s.stollane

    .NOTES
    Author: Patrick Gruenauer
    Web: https://sid-500.com
    #>

    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [string]$UserLogonName
    )

    $resultlogon = @()

    Import-Module ActiveDirectory

    # Check that the account exists before querying every DC
    $ds = dsquery user -samid $UserLogonName

    If ($ds) {

        $getdc = (Get-ADDomainController -Filter *).Name

        foreach ($dc in $getdc) {

            Try {
                # lastLogon is not replicated, so every DC holds its own value
                $user = Get-ADUser $UserLogonName -Server $dc -Properties lastlogon -ErrorAction Stop

                # 0 or empty means this DC never authenticated the user. Skip it here
                # instead of matching the year 1601 in the formatted date, which
                # fails in time zones west of UTC (the local date is 31 December 1600).
                If ($user.lastLogon -gt 0) {
                    $resultlogon += New-Object -TypeName PSObject -Property ([ordered]@{
                        'User'      = $user.Name
                        'DC'        = $dc
                        'LastLogon' = [datetime]::FromFileTime($user.lastLogon)
                    })
                }
            }
            Catch {
                ''
                Write-Warning "No reports from $($dc)!"
            }
        }

        If ($resultlogon.Count -gt 0) {
            # Most recent logon across all DCs
            $resultlogon | Sort-Object LastLogon -Descending | Select-Object -First 1 | Format-Table -AutoSize
        }
        else {
            ''
            # Use the parameter here: $user is empty if no DC answered
            Write-Warning "No reports for user $UserLogonName. Possible reason: No first login."
        }
    }
    else {
        throw 'User not found. Check entered username.'
    }
}
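The merge over per-DC values can be tried without a domain. The following is an added example, not part of the original function or tool: it generalizes the merge to several users and flags accounts with no recent logon. Merge-LastLogon, the StaleDays threshold, the user newuser, the DC names DC01/DC02 and all sample values are assumptions constructed for illustration.

```powershell
function Merge-LastLogon {
    [CmdletBinding()]
    param(
        # Per-DC results: User, DC and the raw lastLogon FILETIME (Int64)
        [Parameter(Mandatory = $true)]
        [object[]]$Record,
        # Hypothetical threshold: no logon within this many days counts as stale
        [int]$StaleDays = 90,
        # Reference time, passed in so the result is reproducible
        [datetime]$Now = (Get-Date)
    )
    $cutoff = $Now.ToUniversalTime().AddDays(-$StaleDays)

    $Record | Group-Object -Property User | ForEach-Object {
        # A DC that never authenticated the user reports 0 (or nothing).
        # Filter on the raw value, not on the formatted year 1601.
        $latest = $_.Group |
            Where-Object { [int64]$_.LastLogon -gt 0 } |
            Sort-Object -Property { [int64]$_.LastLogon } -Descending |
            Select-Object -First 1

        $dc   = $null
        $when = $null
        if ($latest) {
            $dc   = $latest.DC
            $when = [datetime]::FromFileTimeUtc([int64]$latest.LastLogon)
        }

        [pscustomobject]@{
            User         = $_.Name
            ReportingDC  = $dc
            LastLogonUtc = $when
            Stale        = ($null -eq $when) -or ($when -lt $cutoff)
        }
    }
}

# Constructed sample data: DC01/DC02 and all timestamps are made up.
$now = [datetime]::new(2024, 6, 1, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ User = 'patrick';    DC = 'DC01'; LastLogon = $now.AddDays(-2).ToFileTimeUtc() }
    [pscustomobject]@{ User = 'patrick';    DC = 'DC02'; LastLogon = $now.AddDays(-30).ToFileTimeUtc() }
    [pscustomobject]@{ User = 's.stollane'; DC = 'DC01'; LastLogon = 0 }
    [pscustomobject]@{ User = 's.stollane'; DC = 'DC02'; LastLogon = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ User = 'newuser';    DC = 'DC01'; LastLogon = 0 }
    [pscustomobject]@{ User = 'newuser';    DC = 'DC02'; LastLogon = $null }
)

Merge-LastLogon -Record $sample -Now $now | Format-Table -AutoSize
```

Keeping the comparison in UTC on the raw FILETIME avoids both the time-zone dependence of the formatted date and any ambiguity when DCs sit in different time zones.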

How to use it

Copy the code above into PowerShell ISE (ise.exe) or an editor of your choosing and run the code. Then type the command and have fun with it.

If you want the function to be available every time you start PowerShell, create a folder in C:\Program Files\WindowsPowerShell\Modules and name it Get-ADUserLastLogon. Then save the code as a .psm1 file in that folder.
