mjm21
asked on
Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain
Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain.
This is what I have, but the lastlogon is incorrect because it does not query all of the Domain Controllers. I would like someone to help me achieve this please.
get-qaduser –sizelimit 0 -IncludeAllProperties | select samaccountname,displayname ,accountis disabled,l astlogon,d n,parentco ntainerdn, homemdb,ms exchhomese rvername | export-csv c:\UserStats_Report.csv -notype
This is what I have, but the lastlogon is incorrect because it does not query all of the Domain Controllers. I would like someone to help me achieve this please.
get-qaduser –sizelimit 0 -IncludeAllProperties | select samaccountname,displayname
And if you want to use Quest commands then try..
$domain = "Domain.com"
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domaincontrollers = $myforest.Sites | % { $_.Servers } | Select Name
Get-QADUser -SizeLimit 0 -dudip -Ip samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername | % {
$User = $_
$RealUserLastLogon = $null
$domainsuffix = "*."+$domain
foreach ($DomainController in $DomainControllers)
{
if ($DomainController.Name -like $domainsuffix )
{ Connect-QADService $DomainController.Name | Out-Null
$UserLastlogon = (Get-QADUser $User.samaccountname -dudip -Ip lastlogon).lastlogon
if ($RealUserLastLogon -le $UserLastlogon)
{
$RealUserLastLogon = $UserLastlogon
}
}
}
New-Object PSObject -Property @{
samaccountname = $User.samaccountname
displayname = $User.displayname
accountisdisabled = $User.accountisdisabled
lastlogon = $RealUserLastLogon
dn = $User.dn
parentcontainerdn = $User.parentcontainerdn
homemdb = $User.homemdb
msexchhomeservername = $User.msexchhomeservername
}
} | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername
| Export-Csv C:\report.csv -nti
ASKER
Ok - this will check all domain controllers?
ASKER
Run and get this error:
An empty pipe element is not allowed.
At line:34 char:1
An empty pipe element is not allowed.
At line:34 char:1
ASKER
Ok - it is working now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771