Solved

Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain

Posted on 2013-11-15
6
948 Views
Last Modified: 2013-11-26
Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain.

This is what I have, but the lastlogon is incorrect because it does not query all of the Domain Controllers.  I would like someone to help me achieve this please.

get-qaduser –sizelimit 0 -IncludeAllProperties | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername | export-csv c:\UserStats_Report.csv -notype
0
Comment
Question by:mjm21
  • 3
  • 3
6 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39651549
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39651702
And if you want to use Quest commands then try..

$domain = "Domain.com" 
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() 
$domaincontrollers = $myforest.Sites | % { $_.Servers } | Select Name 

Get-QADUser -SizeLimit 0 -dudip -Ip samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername | % {

$User = $_

$RealUserLastLogon = $null 
$domainsuffix = "*."+$domain 

foreach ($DomainController in $DomainControllers)  
{ 
    if ($DomainController.Name -like $domainsuffix ) 
    { 	Connect-QADService $DomainController.Name | Out-Null
        $UserLastlogon = (Get-QADUser $User.samaccountname -dudip -Ip lastlogon).lastlogon
        if ($RealUserLastLogon -le $UserLastlogon) 
        { 
            $RealUserLastLogon = $UserLastlogon
        }
    } 
}
	New-Object PSObject -Property @{
	samaccountname = $User.samaccountname
	displayname = $User.displayname
	accountisdisabled = $User.accountisdisabled
	lastlogon = $RealUserLastLogon
	dn = $User.dn
	parentcontainerdn = $User.parentcontainerdn
	homemdb = $User.homemdb
	msexchhomeservername = $User.msexchhomeservername
	}
} | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername
| Export-Csv C:\report.csv -nti

Open in new window

0
 

Author Comment

by:mjm21
ID: 39651809
Ok - this will check all domain controllers?
0
 

Author Comment

by:mjm21
ID: 39651822
Run and get this error:  

An empty pipe element is not allowed.
At line:34 char:1
0
 

Author Comment

by:mjm21
ID: 39651894
Ok - it is working now.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39651990
There is a type.. You need to change the last lines to
} | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername |
Export-Csv C:\report.csv -nti

Open in new window

0

Join & Write a Comment

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now