Powershell query to get users logged in in last 30 days
I'm trying to write an extremely simple query that will pull all users whose last logon date is within the last thirty days. What I'm stuck on is that if I use a filter of {lastlogontimestamp -gt "Date of 30 days ago"} I get results. But as soon as I make the filter -lt or -le I get zero results. I know there are more complicated methods to write this query but I specifically would like to use the simplest possible. I know that lastlogontimestamp is intentionally inaccurate, that's not a problem for me.
Part 2 of the question is what value can I use for my output that will return an actual date? For instance, if I use lastlogontimestamp as an output the field is just blank.
Here's what I'm trying to use: Get-ADUser -Filter {lastlogontimestamp -le 08202013} | ft N
ame,lastlogontimestamp
Part 2 of the question is what value can I use for my output that will return an actual date? For instance, if I use lastlogontimestamp as an output the field is just blank.
Here's what I'm trying to use: Get-ADUser -Filter {lastlogontimestamp -le 08202013} | ft N
ame,lastlogontimestamp
Be sure to load the quest module first.
Add-PSSnapin Quest.ActiveRoles.ADManage
Add-PSSnapin Quest.ActiveRoles.ADManage
The purpose of the lastLogontimeStamp attribute is to locate inactive accounts, not provide real-time logon information.
Use the following powershell script to get your details...
Copy and Paste entire code into a txt file and save the file extension as .ps1
Copy and Paste entire code into a txt file and save the file extension as .ps1
# Import the Active Directory Module
Import-module activedirectory
#
# Create a variable for get-date (current date)
$date = get-date
#
# Create a variable called $User to get all users in Active Directory with all Properties
$User = Get-ADUser -Filter 'objectclass -eq "User"' -Properties *
#
# Display all Users within Active Directory that have been created in the last 30 days
$User | Where-Object {$_.whenCreated -gt $date.adddays(-30)} |
#
# Sort the out-put data by LastLogonDate
Sort-Object -Property LastLogonDate |
#
# Display the information with the below headings
Select whenCreated,LastLogonDate,Enabled |
#
# Export the results to CSV file
Out-file c:\UsersLast30Days.csvASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Footech, that is exactly what I was looking for, that's returning the results I expect.
Not sure why but when I used the -gt modifier for the lastlogontimestamp it was giving me dates older than my target date, not newer, so that's why I was working on getting lt or le to work.
I had originally thought to use lastlogondate instead of lastlogontimestamp. I can't remember now why I switched but obviously my first instinct was better and I should have stuck with it.
Not sure why but when I used the -gt modifier for the lastlogontimestamp it was giving me dates older than my target date, not newer, so that's why I was working on getting lt or le to work.
I had originally thought to use lastlogondate instead of lastlogontimestamp. I can't remember now why I switched but obviously my first instinct was better and I should have stuck with it.
get-qaduser -NotLoggedOnFor 30 -SizeLimit 0 | Sort-Object Name | out-file c:\ADUsersLogon30days.csv