PowerShell: Cleanup Inactive AD User Accounts. The result is that some logon information is accurate but not replicated, and some logon information replicates, but only occasionally. Schedule Office 365 users’ login history PowerShell script. Export Office 365 Users’ Logon History for Past 90 Days: Since Search-UnifiedAuditLog has past 90 days data, we can get a maximum of last 90 days login attempts using our script. Users Last Logon Time. Get-ADComputer -Properties LastLogonDate -Filter {LastLogonDate -lt $datecutoff} | Set-ADComputer -Enabled $false -WhatIf. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. One of the things I really like about Windows PowerShell is the way it simplifies adding and subtracting from dates. To export Office 365 users’ past 90 days login attempts, run the script as mentioned below. Get-ADUser username -Properties *. PowerShell Script. I don’t know of an easy PowerShell one-liner. That runs in about the same time as the date filtered query from Get-ADComputer. Please leave them in the comments below to help other Admins. I’ve changed the order of -Properties and -Filter because it makes more sense to me logically: Get-ADComputer -Properties LastLogonDate -Filter {LastLogonDate -lt $datecutoff} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize. Just wanted to inform you that there is a little mistake in the commands at the end, since they use “LastLogonData” instead of “LastLogonDate” (which does not give any results).
PowerShell: Getting all Azure AD User IDs Last Login date and Time. As part of a recent project, I needed to check the last login time for all the Azure AD Users. I try the following script by one of the experts to list "active" AD accounts whose lastlogondate is more than 90 days. $DaysInactive = 90. For our requirements, we don’t need the EXACT logon timestamp. Ultimately, what this means is this field could be behind by as many as 11 days! Enjoy! Duh on my part. Disclaimer: The sample scripts are not supported under any Microsoft standard support program or service. Or use the correct operator “-lt”. How To Get Last Logon Date for All Users in the Domain: #Getting users who haven't logged in in over 90 days $Date = (Get-Date).AddDays(-90) #Filtering All enabled users who haven't logged in. { $_.LastLogonDate -lt $Date.AddDays(-90) } | Now that we know the computer accounts we want to work with, we will look at modifying the PowerShell command to automatically disable them. The sample scripts are provided AS IS without warranty of any kind. There are a couple of commands we can use to do this. Thanks for this article, really helps understanding the commands. Sometimes we may want to get a list of users’ last logon times. Microsoft Scripting Guy, Ed Wilson, is here. Manage-ADUsers.ps1. This would be very helpful when you want to clean up an Exchange server from unused accounts. Works great but trying to amend description with lastlogondate as well as disabling i.e. PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2.
Now we can put everything together into a single script. Getting Last Logon Information With PowerShell. Unlock the Full Potential Of ‘Office 365 Last Logon Time Report’ Script: Below are a few use-cases for ‘Export Office 365 last logon time report’ script. Great posting, I like the step by step look into your methods. Is there an easy way to show the computer name and the last user that logged onto that computer? 1) Find computers with last logontimestamp older than 90 days within specific OUs. 2) Create output file with the list of computernames, Current OS, current object location and lastlogontimestamp info. Step 4: Scroll down to view the last Logon time. The app-usage graph shows weekly aggregations of sign-ins for your top three applications in a given time period. The data is contained within the last 30 days report in the Overview section under Enterprise applications. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. You can leverage PowerShell to get last logon information such as the last successful or failed interactive logon timestamps and the number of failed interactive logons of users to Active Directory. The commands can be found by running. © Carl Gray and OxfordSBSGuy.com, 2019. If you find out please let me know. No, Active Directory does not keep track of which computer each user logs into.
Step 2: Browse and open the user account. Thanks in … Good logic good script examples. Do you know why this would be occurring, and what I can do about it? Excerpts and links may be used, provided that full and clear credit is given to Carl Gray and OxfordSBSGuy.com with appropriate and specific direction to the original content. Get-ADComputer -Filter * -Properties LastLogonDate | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt. This script would also get the report from remote systems. PowerShell to list users whose last login is older than 30 days. So the final command to disable computer accounts over 365 days old (in our example) is: Get-ADComputer -Properties LastLogonDate -Filter {LastLogonDate -lt $datecutoff} | Set-ADComputer -Enabled $false. The entry point to this data is the top three applications in your organization. In this post, I explain a couple of examples for the Get-ADUser cmdlet. As we want to list computers that haven’t logged on for xx days, we first need to find today’s date and set an offset for the number of days old we are looking for. Save this script as a .ps1 file and edit the username in the last line of the script (in bold below), then run it. For more details use “Get-Help Get-ADComputer -examples”.
The LastLogon and LastLogonTimeStamp attributes can help you to decide if an Active Directory user account or computer account is active or inactive. PowerShell to find accounts inactive in Active Directory for 90 days or longer. I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users. $InactiveDate = ( Get … I will change this to 90 days. Would this be easily modified to delete the computer from AD rather than simply disable? From the output above you can see that for each computer account listed the set command will be run against it, which is exactly what we want. For example, if I want to find users who haven’t logged in to the domain for 120 days, I need to be able to create a date that was 120 days … Back to topic. Your posts are really good! Also thank you for posting, worked great as is. Krishna over 11 years ago. Apart from last login report, you can track users’ activity by users login history report. Then, we’ll need to import the Active Directory Module with the command: Alternatively you could run the Active Directory Module for Windows PowerShell from the Start – Administrative Tools menu. 36 thoughts on “PowerShell: Get-ADComputer to retrieve computer last logon date – part 1”. Ryan 18th June 2014 at 1:42 am. Get-ADComputer can be found here: http://technet.microsoft.com/en-us/library/ee617192.aspx. Dates and time information can be found here: http://technet.microsoft.com/en-us/library/ff730960.aspx. Comparison Operators information can be found here: http://technet.microsoft.com/en-gb/library/hh847759.aspx. Set-ADComputer cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee617263.aspx. Disable-ADAccount cmdlet can be found here: http://technet.microsoft.com/en-gb/library/ee617197.aspx. Set-ADComputer is the obvious choice as we are already using Get-ADComputer; another option would be Disable-ADAccount.
The removal tool will now query Active Directory computers and analyze the last logon time. Thanks. Open PowerShell and run (Get-Host).Version. Step 1: Open Active Directory Users and Computers and make sure Advanced features is turned on. A comment from part 1 of this series by Ryan pointed out that it would use fewer resources to use -Properties LastLogonDate rather than -Properties *, so to keep things as efficient as possible I’ll be using -Properties LastLogonDate from now on. Remember if you are using SBS 2011 you’ll need to either run the PowerShell as Administrator by right clicking the PowerShell icon and selecting Run as Administrator. Hi Kevin, looking online there are a few scripts available, but they all look quite complex to me! Well it’s PowerShell to the rescue again (with Visual Studio Code my IDE of choice) with the following snippet of code which will query an AD environment looking for accounts which haven’t been touched in this case for 90 days and give me a nice CSV of their name and last logon timestamp. Click on the Attribute Editor tab and scroll down to see the last logon … The Active Directory administrator must periodically disable and inactivate objects in AD. Next let’s add an offset to today’s date and save it in a variable. In PowerShell, run this command to get the data you need, then scroll down the list and look for LastLogonDate. Great post! Import-module activedirectory $OU = "ou=myou,dc=domain,dc=com" $Date = get-date Get-ADUser -Filter * -SearchBase $OU -Properties samaccountname, givenname, surname, LastLogonDate |? In this article, we will show how to get the last logon time for the AD domain user and find accounts that have been inactive for more than 90 days.
PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2. In this article we’ll look at using Get-ADComputer and Set-ADComputer to list computer accounts which haven’t logged in for xx days, and then automatically disable them. Great post, very helpful! This command helps you get the list of all the users whose lastlogontimestamp is older than 30 days or 60 days. Now that we can specify a date xx days ago, all we need to do is compare this to the last logon date to give us our list of computer accounts we are interested in working with. Hans, take a look at the output of this one liner (using 240 days as a cutoff date) to include computers with no LastLogonDate: get-adcomputer -properties LastLogonDate -filter * | where {$_.LastLogonDate -lt (Get-Date).AddDays(-240)} | sort LastLogonDate | FT Name, LastLogonDate -autosize. get-adcomputer -properties LastLogonDate -filter * | where {$_.LastLogonDate -lt (Get-Date).AddDays(-240)} | Set-ADComputer -Enabled $false. Yes, use Get-ADComputer -Identity computername. Click on the View => Advanced Features as shown below. As a recap, the command that we ended up with from part 1 was: Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt. You can see in my results below it has found 73 computers that have not been logged into for at least 90 days.
I know this article is a little old but thought it’s worth noting when running commands like that against all computers in the domain it would really be best to put -Properties LastLogonDate rather than -Properties *. Run it to find old accounts. Now that we have our list of computer accounts older than 365 days in this example, we need to look at disabling them. We basically needed to see which IDs were being used and which weren’t. Is there a command to check one specific domain account last logon date, time and computer name last used? To accomplish this goal, you need to target the LastLogonTimeStamp property and then specify a condition with the time as shown in the following PowerShell commands: $DaysInactive = 90; $time = (Get-Date).AddDays(-($DaysInactive)); Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -ResultSetSize $null -Properties Name, OperatingSystem, SamAccountName, … So to disable a computer account the command is: Now combining the two commands together I’ve added the -WhatIf switch so the command doesn’t actually make any changes, but describes what would happen if the command was run. # Set the number of days since last logon. We just created a couple of additional one liners to delete disabled accounts after 14 days. Step 3: Click on Attribute Editor. Carl Gray is an IT professional and technology blogger based in the UK. Also is there a way I can move all those disabled computers to a single OU? Great job! I really like how you walk through each step in a logical manner to ensure that all the small steps that are required to get the end result are covered.
Carl, Search-ADAccount -AccountInactive -DateTime “01.12.2014” –ComputersOnly | Sort-Object | export-csv computers.csv.