What's a quick and dirty way to get a user list with login time from active directory?

windows-server-2008 active-directory

10,569

Solution 1

@ansgar is correct, AD only store the last logon time (lastlogontimestamp) for each account. If that suffices for you, here is a quick script that pulls the lastlogontimestamp value for each user:

$a = [adsisearcher]'(&(objectcategory=user)(objectclass=user))'
$a.PageSize = 1000
[void]$a.PropertiesToLoad.Add('name')
[void]$a.PropertiesToLoad.Add('lastlogontimestamp')
$a.FindAll() | ForEach-Object {
    $op = '' | select name,llts
    $op.name = $_.properties.name[0]
    if($_.properties.lastlogontimestamp)
    {
        $op.llts=[datetime]::fromfiletime($_.properties.lastlogontimestamp[0])
    }
    else
    {
        $op.llts=$null
    }
    $op
} | Format-Table -AutoSize

Solution 2

Active Directory only stores the timestamp of the last logon. For a logon history you will have to parse the Security eventlogs on all domain controllers for logon/logoff events. Beware of pitfalls while you do that.

10,569

Author by

Andrei Dvoynos

Updated on September 18, 2022

Comments

Andrei Dvoynos over 1 year

Im trying to obtain a list of users with their login time (n times if they have logged in more than once) in a particular timespan, for example between 2pm and 3pm on 10/10/2012.

I've been fiddling around with powershell, but couldn't get much out of it, downloaded the PowerShell extensions from Quest, tried out some snippets, but I couldn't find something that fits my needs.

My guess is to query the events on the Active Directory server but haven't been able to get a snippet that works so far.