Islandr
asked on
Finding the lastest logon time
Hi Experts,
I have 3 domain controllers on my environment they replicate with eachother as you all know, I am trying to get the lastlogon time of every user in my environment, keep in mind that these users do not hit a domain controller they could hit DC1, DC2 or DC3 as they logon, so I found a solution on line that is suppose to help me:
http://dmitrysotnikov.wordpress.com/2008/07/18/finding-the-latest-logon-time/#comment-7029
This solutions uses the ActiveRoles Management Shell from Quest and when I attempt to execute the script I get no results, here is the script:
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName username).LastLogon
} | Measure-Latest
Measure-Lastest is a function that Dmitry created and can be found here:
http://dmitrysotnikov.wordpress.com/2008/07/16/measure-latest-finding-the-latest-date-time/
# get a set of DateTime values from the pipeline
# filter out $nulls and produce the latest of them
# (c) Dmitry Sotnikov
function Measure-Latest {
BEGIN { $latest = $null }
PROCESS {
if (($_ -ne $null) -and (($latest -eq $null) -or ($_ -gt $latest))) {
$latest = $_
}
}
END { $latest }
}
So in order to run this I have to follow the directions on the link listed above, but the easiest way to run the script is by creating a script for the measure-lastest.ps1 and another one with this:
. c:\scripts\measure-latest. ps1
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName username).LastLogon.Value
} | Measure-Latest
and save the script as whatever.PS1, but again, somehow I am unable to obtain any display results on my screen, I run it and nothing happens.
I have 3 domain controllers on my environment they replicate with eachother as you all know, I am trying to get the lastlogon time of every user in my environment, keep in mind that these users do not hit a domain controller they could hit DC1, DC2 or DC3 as they logon, so I found a solution on line that is suppose to help me:
http://dmitrysotnikov.wordpress.com/2008/07/18/finding-the-latest-logon-time/#comment-7029
This solutions uses the ActiveRoles Management Shell from Quest and when I attempt to execute the script I get no results, here is the script:
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName username).LastLogon
} | Measure-Latest
Measure-Lastest is a function that Dmitry created and can be found here:
http://dmitrysotnikov.wordpress.com/2008/07/16/measure-latest-finding-the-latest-date-time/
# get a set of DateTime values from the pipeline
# filter out $nulls and produce the latest of them
# (c) Dmitry Sotnikov
function Measure-Latest {
BEGIN { $latest = $null }
PROCESS {
if (($_ -ne $null) -and (($latest -eq $null) -or ($_ -gt $latest))) {
$latest = $_
}
}
END { $latest }
}
So in order to run this I have to follow the directions on the link listed above, but the easiest way to run the script is by creating a script for the measure-lastest.ps1 and another one with this:
. c:\scripts\measure-latest.
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName username).LastLogon.Value
} | Measure-Latest
and save the script as whatever.PS1, but again, somehow I am unable to obtain any display results on my screen, I run it and nothing happens.
I'll let some of the powershell guys answer this one, you could pull the lastlogontimestamp attribute too
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
...not as accurate lastlogon but it does replicate.
Thanks
Mike
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
...not as accurate lastlogon but it does replicate.
Thanks
Mike
The culprit is
(Get-QADUser ....).LastLogon.Value
because there is no property called Value for LastLogon. Just omit that (.Value), and it should work.
Of course you need to replace username by something existing.
If you want to get errors for uninitialized vars and non-existent properties and methods, use
set-strictmode -Version 2.0
(Get-QADUser ....).LastLogon.Value
because there is no property called Value for LastLogon. Just omit that (.Value), and it should work.
Of course you need to replace username by something existing.
If you want to get errors for uninitialized vars and non-existent properties and methods, use
set-strictmode -Version 2.0
A PowerShell script has also been developed to query all Domain Controllers in the domain for the largest (latest) value of the lastLogon attribute for each user in the domain. This program uses the DirectoryServices.DirectorySearcher object. The last logon dates for each user are converted into local time. The times are adjusted for daylight savings time, so they may differ from the values reported by the LastLogon.vbs program by one hour. This program works in PowerShell V1 and V2.
# PSLastLogon.ps1
# PowerShell script to determine when each user in the domain last
# logged on.
#
# ----------------------------------------------------------------------
# Copyright (c) 2011 Richard L. Mueller
# Hilltop Lab web site - http://www.rlmueller.net
# Version 1.0 - March 16, 2011
#
# This program queries every Domain Controller in the domain to find the
# largest (latest) value of the lastLogon attribute for each user. The
# last logon dates for each user are converted into local time. The
# times are adjusted for daylight savings time, as presently configured.
#
# You have a royalty-free right to use, modify, reproduce, and
# distribute this script file in any way you find useful, provided that
# you agree that the copyright owner above has no warranty, obligations,
# or liability for such use.
Trap {"Error: $_"; Break;}
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("lastLogon") > $Null
# Create hash table of users and their last logon dates.
$arrUsers = @{}
# Enumerate all Domain Controllers.
ForEach ($DC In $D.DomainControllers)
{
$Server = $DC.Name
$Searcher.SearchRoot = "LDAP://$Server/" + $Domain.distinguishedName
$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
$DN = $Result.Properties.Item("distinguishedName")
$LL = $Result.Properties.Item("lastLogon")
If ($LL.Count -eq 0)
{
$Last = [DateTime]0
}
Else
{
$Last = [DateTime]$LL.Item(0)
}
If ($Last -eq 0)
{
$LastLogon = $Last.AddYears(1600)
}
Else
{
$LastLogon = $Last.AddYears(1600).ToLocalTime()
}
If ($arrUsers.ContainsKey("$DN"))
{
If ($LastLogon -gt $arrUsers["$DN"])
{
$arrUsers["$DN"] = $LastLogon
}
}
Else
{
$arrUsers.Add("$DN", $LastLogon)
}
}
}
# Output latest last logon date for each user.
$Users = $arrUsers.Keys
ForEach ($DN In $Users)
{
$Date = $arrUsers["$DN"]
"$DN;$Date"
}
ASKER
Bxoz,
You script worked, however the Output is not that user friendly, I would like to have something like:
Lastname Firstname Username Lastlogontime
Smith Joe Joe.Smith 8/8/2011 10:34:50 PM
Qlemo,
When executing the script based on your suggestions I got the same resulst:
Nothing is happening, here is a copy of the script:
. c:\scripts\measure-latest. ps1
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName logonname).LastLogon
} | Measure-Latest
I look forward to hear from you all.
Thanks,
You script worked, however the Output is not that user friendly, I would like to have something like:
Lastname Firstname Username Lastlogontime
Smith Joe Joe.Smith 8/8/2011 10:34:50 PM
Qlemo,
When executing the script based on your suggestions I got the same resulst:
Nothing is happening, here is a copy of the script:
. c:\scripts\measure-latest.
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName logonname).LastLogon
} | Measure-Latest
I look forward to hear from you all.
Thanks,
What is "logonname"? Do you want to have the login time of all users listed? That wouldn't work that way, and require much more effort. Where "Logonname" is placed, you need to put a real username in.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Qlemo,
This is what I ran and it worked:
. c:\scripts\measure-latest. ps1
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName Joe_Smith).LastLogon
} | Measure-Latest | format-table
Now, How do I run this to query all users in my AD? instead just one, I know that I can accomplish this by executing the following:
Get-QADUser -sizelimit 0 | select lastname,firstname,logonna me,lastlog on | sort {$_.lastlogon.value.ticks} | convertto-html > test.htm
But the problem is that this just get the results from maybe one domain and do not get the realtime replication between domains and we have 3, please let me know if there is a way that I can get results like:
Lastname Firstname Username Lastlogontime
Smith Joe Joe.Smith 8/8/2011 10:34:50 PM
Using the above script for all users:
. c:\scripts\measure-latest. ps1
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName Joe_Smith).LastLogon
} | Measure-Latest | format-table
Thanks,
This is what I ran and it worked:
. c:\scripts\measure-latest.
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName Joe_Smith).LastLogon
} | Measure-Latest | format-table
Now, How do I run this to query all users in my AD? instead just one, I know that I can accomplish this by executing the following:
Get-QADUser -sizelimit 0 | select lastname,firstname,logonna
But the problem is that this just get the results from maybe one domain and do not get the realtime replication between domains and we have 3, please let me know if there is a way that I can get results like:
Lastname Firstname Username Lastlogontime
Smith Joe Joe.Smith 8/8/2011 10:34:50 PM
Using the above script for all users:
. c:\scripts\measure-latest.
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName Joe_Smith).LastLogon
} | Measure-Latest | format-table
Thanks,
ASKER
Bxoz,
It did not sepate the fields, it's the same output as if I had run the script on the CLI, I know that format-table function can do this, but I do not know where to place it.
Thanks,
It did not sepate the fields, it's the same output as if I had run the script on the CLI, I know that format-table function can do this, but I do not know where to place it.
Thanks,
I don't know if you have take the last code but I have change the last line in the code
"$DN $Date"
instated of
"$DN;$Date"
It work better with CSV i don't know either for format-table
"$DN $Date"
instated of
"$DN;$Date"
It work better with CSV i don't know either for format-table
Islandr,
Do you want to follow both approaches, or concentrate on one? The "manual" approach presented by Bxoz is good if you want to keep off the QAD cmdlets, or want to learn more about the internal processing. The QAD tools however make it more easy to access AD components.
Do you want to follow both approaches, or concentrate on one? The "manual" approach presented by Bxoz is good if you want to keep off the QAD cmdlets, or want to learn more about the internal processing. The QAD tools however make it more easy to access AD components.
ASKER
Qlemo,
I would like to use the two methods, because we need to compare the two reports, so if you can help me with this:
c:\scripts\measure-latest. ps1
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName logonname).LastLogon
} | Measure-Latest
But query all users, I would greatly appreciated.
Thanks,
I would like to use the two methods, because we need to compare the two reports, so if you can help me with this:
c:\scripts\measure-latest.
Get-QADComputer -ComputerRole DomainController | foreach {
(Get-QADUser -Service $_.Name -SamAccountName logonname).LastLogon
} | Measure-Latest
But query all users, I would greatly appreciated.
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Qlemo,
I am getting:
WARNING: This search was configured to retrieve only the first 1000 results. To retrieve more results, increase the size limit using the -SizeLimit parameter or set the default size limit using Set-QADPSSnapinSettings with the -DefaultSizeLimit parameter. Use 0 as the value of size limit to retrieve all possible search results.
So, I know that if I do -SizeLimit 0 the script will query all user with no limit. The question is where may I place the -SizeLimit 0 parameter?
Thanks,
I am getting:
WARNING: This search was configured to retrieve only the first 1000 results. To retrieve more results, increase the size limit using the -SizeLimit parameter or set the default size limit using Set-QADPSSnapinSettings with the -DefaultSizeLimit parameter. Use 0 as the value of size limit to retrieve all possible search results.
So, I know that if I do -SizeLimit 0 the script will query all user with no limit. The question is where may I place the -SizeLimit 0 parameter?
Thanks,
You will set that with Get-QADUser in line 13:
% { Get-QADUser -Service $_.Name -SizeLimit 0 } `
ASKER
Qlemo,
I am still getting the WARNING message. Any ideas?
I am still getting the WARNING message. Any ideas?
Nope.
ASKER
Qlemo,
Alright, I think that I found what was the problem with the WARNING. Somehow the script was caching into the ActiveRoles Management Shell Console and then I was keep getting the warning message after saved the script, so I closed and open another windows console and it ran without issues.
May I split the points between you and Bxoz? I am going to use the two solutions.
Alright, I think that I found what was the problem with the WARNING. Somehow the script was caching into the ActiveRoles Management Shell Console and then I was keep getting the warning message after saved the script, so I closed and open another windows console and it ran without issues.
May I split the points between you and Bxoz? I am going to use the two solutions.
No issues with a split.
ASKER
Qlemo and Bxoz they were in the top, thank you guys for your assistance, I am a newbie in PS, I think that I have a long way to go.
Again, Thanks,
Again, Thanks,
Do you realy need to use Powershell
Because you can dou a simple search
Ad Search