I found a script that is suppost to login and logout information. I need to find login and logout information about a user and the event logs don't go back that far. I would think that AD would have that information. Here is the script that I have. I am useing Server 2008 R2 SP1. I would like some help to figure this out. I know that the computer is wrong but, I don't know have to intergrate the user. I will be using the SAMname. The information is from a month back. I am not sure how long AD keeps that information.
$UserProperty = @{n="User";e={(New-Object System.Security.Principal.SecurityIdentifier
$_.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}}
$TypeProperty = @{n="Action";e={if($_.EventID -eq 7001) {"Logon"} else {"Logoff"}}}
$TimeProeprty = @{n="Time";e={$_.TimeGenerated}}
Get-EventLog System -Source Microsoft-Windows-Winlogon -ComputerName $Computer name goes here | select $UserProperty,$TypeProperty,$TimeProeprty
Thanks for your help.
saves u time writing your own....
www.cjwdev.co.uk