Find When a user last logged in

0

I am trying to figure out a way to look at all of the AD user accounts on a specific computer and then see how long it's been since each of them last signed into that specific computer. I found a PS script to do this but the problem was that it would show the last time those users logged into AD in general, not that specific computer. To add some context, I will have to use the script to purge local AD users from computers who haven't re logged into that specific computer for 90 days. Also I'm fairly new to PS. Thanks in advance for anyone who helps!

Old script:

    # Collect one row per account that has a recorded LastLogon value
    $data = @()
    $NetLogs = Get-WmiObject Win32_NetworkLoginProfile -ComputerName "PC-NAME"
    foreach ($NetLog in $NetLogs) {
        # LastLogon is a WMI datetime string; take its first 14 digits (yyyyMMddHHmmss)
        if ($NetLog.LastLogon -match "(\d{14})") {
            $row = "" | Select-Object Name,LogonTime
            $row.Name = $NetLog.Name
            $row.LogonTime = [datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
            $data += $row
        }
    }
    $data

Where I got the old script:

http://xpertkb.com/find-lastlogon-date-server-local-domain-users/

Austin

Posted 2017-02-28T22:01:43.297

Reputation: 11

"I will have to use the script to purge local AD users from computers who haven't re logged into that specific computer for 90 days." What does this mean, and why do you need to do this? – Bill_Stewart – 2017-03-01T17:55:34.113

Answers

0

The way to do it is execute a logon script that records date, username and hostname every time a user logs on to the domain; you can set this in Active Directory. You would then only need to parse this centralized log location where you save this information.

Another possibility is parsing the Domain Controller log, but this has proven slow and impractical for us.

You could check the file C:\Users\<user>\NTUSER.DAT: if its last modified date is older than 90 days...zap the profile!

simlev

Posted 2017-02-28T22:01:43.297

Reputation: 3 184

That is a good idea for the future but do you have any ideas to check computers currently? – Austin – 2017-03-01T16:35:14.517

Check if there's a file modified in the last 90 days in the user profile folder. This is rough but may be acceptable since you would only need to do it once, before setting up the logon script. – simlev – 2017-03-02T10:14:01.640

That is a possibility, my only concern is that NTUSER.dat is only updated when the user's settings are updated so in turn an active user's NTUSER.dat could look really old just because he hasn't changed anything in the last X months. – Austin – 2017-03-03T21:26:50.270

I can't guarantee that, but of course before posting I did a test on Windows 7, 10 and 2012 and it gets updated just by logging in. In order to be on the safe side you could check that file first and then the rest of the user profile folder, stopping at the first recent file you encounter. – simlev – 2017-03-04T19:00:02.080
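The check described in the answer and its last comment (NTUSER.DAT first, then the rest of the profile folder, stopping at the first recent file), written out as an added example that is not code from any of the posts above. It only reports and deletes nothing; the function name `Get-StaleProfile` is hypothetical, and enumerating profiles through the `Win32_UserProfile` WMI class is an assumption of this example, as is running it locally in an elevated session.

```powershell
# Added example: report-only. Nothing is removed from the machine.
# Assumption: run locally, elevated, on PowerShell 3.0 or later.
function Get-StaleProfile {
    param(
        [int]$Days = 90   # threshold taken from the question
    )
    $cutoff = (Get-Date).AddDays(-$Days)

    # Win32_UserProfile lists the profiles stored on this computer.
    # Special = system/service profiles; Loaded = in use right now.
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and -not $_.Loaded } |
        ForEach-Object {
            $p    = $_
            $path = $p.LocalPath

            # Step 1: NTUSER.DAT is hidden, so -Force is required to see it.
            $hive = Get-Item -LiteralPath (Join-Path $path 'NTUSER.DAT') `
                        -Force -ErrorAction SilentlyContinue

            if ($hive -and $hive.LastWriteTime -gt $cutoff) {
                $evidence = $hive
            } else {
                # Step 2: walk the rest of the profile folder and stop at
                # the first file modified inside the window.
                $evidence = Get-ChildItem -LiteralPath $path -Recurse -Force -File `
                                -ErrorAction SilentlyContinue |
                    Where-Object { $_.LastWriteTime -gt $cutoff } |
                    Select-Object -First 1
            }

            [pscustomobject]@{
                ProfilePath  = $path
                SID          = $p.SID
                HiveModified = if ($hive) { $hive.LastWriteTime } else { $null }
                RecentFile   = if ($evidence) { $evidence.FullName } else { $null }
                Stale        = -not $evidence
            }
        }
}

# List every non-system profile, stale ones first, for review before any cleanup.
Get-StaleProfile -Days 90 | Sort-Object Stale -Descending | Format-Table -AutoSize
```

Files inside a profile can be modified by software that runs while the user is not logged on, so this check errs toward keeping a profile rather than flagging it. Review the `Stale` rows by hand before removing anything.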