Powershell query to get users logged in in last 30 days

I'm trying to write an extremely simple query that will pull all users whose last logon date is within the last thirty days. What I'm stuck on is that if I use a filter of {lastlogontimestamp -gt "Date of 30 days ago"} I get results. But as soon as I make the filter -lt or -le I get zero results. I know there are more complicated methods to write this query but I specifically would like to use the simplest possible. I know that lastlogontimestamp is intentionally inaccurate, that's not a problem for me.

Part 2 of the question is what value can I use for my output that will return an actual date? For instance, if I use lastlogontimestamp as an output the field is just blank.

Here's what I'm trying to use: Get-ADUser -Filter {lastlogontimestamp -le 08202013} | ft N
ame,lastlogontimestamp
b1narymanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dipopoCommented:
Try this

get-qaduser -NotLoggedOnFor 30 -SizeLimit 0 | Sort-Object Name | out-file c:\ADUsersLogon30days.csv
1
dipopoCommented:
Be sure to load the quest module first.

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
0
Steven HarrisPresidentCommented:
The purpose of the lastLogontimeStamp attribute is to locate inactive accounts, not provide real-time logon information.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Will SzymkowskiSenior Solution ArchitectCommented:
Use the following powershell script to get your details...

Copy and Paste entire code into a txt file and save the file extension as .ps1

# Import the Active Directory Module
Import-module activedirectory
#
# Create a variable for get-date (current date)
$date = get-date
#
# Create a variable called $User to get all users in Active Directory with all Properties
$User = Get-ADUser -Filter 'objectclass -eq "User"' -Properties *
#
# Display all Users within Active Directory that have been created in the last 30 days
$User | Where-Object {$_.whenCreated -gt $date.adddays(-30)} |
#
# Sort the out-put data by LastLogonDate
Sort-Object -Property LastLogonDate |
#
# Display the information with the below headings
Select whenCreated,LastLogonDate,Enabled |
#
# Export the results to CSV file
Out-file c:\UsersLast30Days.csv

Open in new window

1
footechCommented:
As long as you know the limits of LastLogonTimeStamp...
Better to use LastLogonDate with the MS AD cmdlets, since it gives you datetime formatted object.  When testing I did get some slightly different results when using it as a filter for the AD command vs. for a Where-Object if using a -lt comparison, because the Where-Object filter will include results where it is not set.  However, if you want something within the last 30 days, you would be using a -gt operator
get-aduser -filter {lastlogondate -gt "8/1/2013"} -Properties lastlogondate | select Name,LastLogonDate | sort name

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
b1narymanAuthor Commented:
Footech, that is exactly what I was looking for, that's returning the results I expect.
 Not sure why but when I used the -gt modifier for the lastlogontimestamp it was giving me dates older than my target date, not newer, so that's why I was working on getting lt or le to work.

I had originally thought to use lastlogondate instead of lastlogontimestamp. I can't remember now why I switched but obviously my first instinct was better and I should have stuck with it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.