Last Domain User Logon Powershell Script

I need a powershell script that will let me put in a computer name, and tell me who the last domain user logged on to that workstation was.  I have been using the following, but it only gives me the primary owner name:

PS> Gwmi Win32_ComputerSystem -Comp "pcname"
LVL 1
fireguy1125Asked:
Who is Participating?
 
QlemoConnect With a Mentor Batchelor, Developer and EE Topic AdvisorCommented:
That last script works - just tested from a non-domain-member environment against a domain.
But there are several things which aren't good style. First, we should always indent. Second, it is better to stream the file contents into a pipeline instead of storing it in vars when not needed for other processing. Having to use a bunch of variables will hog the memory in many cases.
Get-Content "c:\server_list.txt" | % {
  Get-WmiObject Win32_NetworkLoginProfile -computername $_ | % {
    if ($_.LastLogon -match "(\d{14})") {
      $row = "" | Select Name,LogonTime
      $row.Name = $_.Name
      $row.LogonTime = [datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
      $row
    }
  }
}        

Open in new window

BTW, I like use of the RegEx for match here, as it servers two purposes.

That you get your local accounts here is strange. Please check if
gwmi Win32_NetworkLoginProfile -computername

Open in new window

provides the correct (remote/domain) accounts.
0
 
AnuroopsunddCommented:
Get-WmiObject Win32_NetworkLoginProfile |
    Sort -Descending LastLogon |
    Select * -First 1 |
    ? {$_.LastLogon -match "(\d{14})"} |
        % {
            New-Object PSObject -Property @{
                Name=$_.Name ;
                LastLogon=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
            }
        }

http://www.powershellcommunity.org/Forums/tabid/54/aft/4831/Default.aspx
0
 
fireguy1125Author Commented:
Which area do I enter the computer name in your code? And also, is there a way to copy and paste all your lines into powershell at once? Every time I do it, it just brings me to another >> line. Thanks.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
AnuroopsunddCommented:
$data = @()
$profiles = GWMI Win32_NetworkLoginProfile -ComputerName COMPUTER_NAME
foreach ($profile in $profiles){
$date = $profile.LastLogon
if ($date -ne $null -and $date -ne "**************.******+***") {
$row = "" | Select User,LogonTime
$year = $date.SubString(0,4)
$month = $date.SubString(4,2)
$day = $date.SubString(6,2)
$hour = $date.SubString(8,2)
$min = $date.SubString(10,2)
$sec = $date.Substring(12,2)
$row.User = $Profile.Name
$row.LogonTime = Get-Date -Date ($month + "/" + $day + "/" + $year + " " + $hour + ":" + $min + ":" + $sec)
$data += $row
}
}
$data | Sort -Descending LogonTime | select -First
0
 
fireguy1125Author Commented:
I copied and pasted the code, and changed the COMPUTER_NAME, however when I press enter, it still brings me to another blank line >>
0
 
fireguy1125Author Commented:
Ok, I read somewhere I have to press Enter twice on the keyboard :)  However, it brings me back to the first issue, where the results it returns are only LOCAL users on that computer, I need the domain user accounts.
0
 
prashanthdCommented:
You need to copy the code to a .ps1 file and execute the file..
0
 
fireguy1125Author Commented:
Can you please provide code for that, since I'm not fluent in PowerShell.   Thank you.
0
 
prashanthdCommented:
copy anyone of the above code to notepad, save file as lastuser.ps1 and execute from powershell window.

http://technet.microsoft.com/en-us/library/ee176949.aspx
0
 
fireguy1125Author Commented:
Followed instructions in technet article provide, created the lastuser.ps1 file, and ran the script, however it returns error:

PS C:\> .\lastuser.ps1
Select-Object : Missing an argument for parameter 'First'. Specify a parameter of type 'System.Int32' and try again.
At C:\lastuser.ps1:18 char:51
+ $data | Sort -Descending LogonTime | select -First <<<<
    + CategoryInfo          : InvalidArgument: (:) [Select-Object], ParameterBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.PowerShell.Commands.SelectObjectCommand
0
 
prashanthdCommented:
Try the following..

$data = @()

$NetLogs = Get-WmiObject Win32_NetworkLoginProfile

foreach ($NetLog in $NetLogs) {
if ($NetLog.LastLogon -match "(\d{14})") {
$row = "" | Select Name,LogonTime
$row.Name = $NetLog.Name
$row.LogonTime=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
$data += $row
}
}

$data

Open in new window

0
 
fireguy1125Author Commented:
Where do I enter the computer name that I want to check this against in that script? When I run that, it only shows the domain controller that I am running it on. So it works, I just need to input domain computers in it to check on those.
0
 
prashanthdCommented:
Try the following..

$strcomputer="DC001"
$data = @()

$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -computername $strcomputer

foreach ($NetLog in $NetLogs) {
if ($NetLog.LastLogon -match "(\d{14})") {
$row = "" | Select Name,LogonTime
$row.Name = $NetLog.Name
$row.LogonTime=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
$data += $row
}
}

$data
        

Open in new window

0
 
prashanthdCommented:
Give all the server names to query in a text file and modify the path to text file

$file=Get-Content "c:\server_list.txt"

foreach($strcomputer in $file){
$data = @()

$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -computername $strcomputer

foreach ($NetLog in $NetLogs) {
if ($NetLog.LastLogon -match "(\d{14})") {
$row = "" | Select Name,LogonTime
$row.Name = $NetLog.Name
$row.LogonTime=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)
$data += $row
}
}

$data
}        

Open in new window

0
 
fireguy1125Author Commented:
So I put in all the domain controllers we have in the text file, now where do I put in the computer name?
0
 
prashanthdConnect With a Mentor Commented:
Do you need to query one workstation at a time or multiple workstations?

If multiple workstations put all the workstations to be queried in the text file.

If only one workstation modify the $strcomputer="WKS001" in the second last script
0
 
fireguy1125Author Commented:
When I put the workstation names in the server_list.txt file, it doesn't return the domain logins, but the local logins.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.