To convert it to a normal time, use the following command: Get-ADUser -Filter | Sort LastLogonDate | FT Name, LastLogonDate -Autosize The cmdlet returned the time in Timestamp format. To find the last logon time for the domain administrator account, run the command: Get-ADUser -Identity administrator -Properties LastLogon Install this module and import it into your PowerShell session: Import-Module ActiveDirectory For this, you need to use the Active Directory module for Windows PowerShell. You can also use PowerShell to get the user’s last domain logon time. You can also use this command to find all users who are inactive, for example, for 10 weeks: dsquery user domainroot -inactive 10 Find Last Logon Time Using PowerShell The main problem is that the attributes lastLogon and lastLogonTimestamp are stored in timestamp format in AD, and you need to additionally convert it to a normal time format. For example:ĭsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=administrator))" -attr distinguishedName lastLogon lastLogonTimestamp -limit 0 You can also get the last logon time using dsquery. You got the user’s last logon time: 11:14:13. Open a command prompt (you don’t need domain administrator privileges to get AD user info), and run the command: net user administrator /domain| findstr "Last" You can find out the time the user last logged into the domain from the command line using the net or dsquery tools. Therefore, the data in this attribute on a specific DC may not be relevant. However, replication of this attribute takes a long time (this attribute is replicated only if its value is 14 days or older than the previous one). lastLogonTimeStamp attribute is also changed when the user logs on to the domain controller and is replicated to other DCs.The value of this attribute on different DCs for the user can be different or even zero (if the user has never been authenticated on this DC)
Therefore, if there are multiple domain controllers at different AD sites, you will have to check this attribute on each of them and then compare the resulting data. But it only changes on the domain controller that authenticated the user, and is not replicated to other domain controllers. lastLogon attribute is updated when the user logs on to the domain.
0 kommentar(er)
