Solved

Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain

Posted on 2013-11-15
6
991 Views
Last Modified: 2013-11-26
Powershell / Quest cmdlets script that would get the lastlogon for all users in the domain.

This is what I have, but the lastlogon is incorrect because it does not query all of the Domain Controllers.  I would like someone to help me achieve this please.

get-qaduser –sizelimit 0 -IncludeAllProperties | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername | export-csv c:\UserStats_Report.csv -notype
0
Comment
Question by:mjm21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39651549
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39651702
And if you want to use Quest commands then try..

$domain = "Domain.com" 
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() 
$domaincontrollers = $myforest.Sites | % { $_.Servers } | Select Name 

Get-QADUser -SizeLimit 0 -dudip -Ip samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername | % {

$User = $_

$RealUserLastLogon = $null 
$domainsuffix = "*."+$domain 

foreach ($DomainController in $DomainControllers)  
{ 
    if ($DomainController.Name -like $domainsuffix ) 
    { 	Connect-QADService $DomainController.Name | Out-Null
        $UserLastlogon = (Get-QADUser $User.samaccountname -dudip -Ip lastlogon).lastlogon
        if ($RealUserLastLogon -le $UserLastlogon) 
        { 
            $RealUserLastLogon = $UserLastlogon
        }
    } 
}
	New-Object PSObject -Property @{
	samaccountname = $User.samaccountname
	displayname = $User.displayname
	accountisdisabled = $User.accountisdisabled
	lastlogon = $RealUserLastLogon
	dn = $User.dn
	parentcontainerdn = $User.parentcontainerdn
	homemdb = $User.homemdb
	msexchhomeservername = $User.msexchhomeservername
	}
} | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername
| Export-Csv C:\report.csv -nti

Open in new window

0
 

Author Comment

by:mjm21
ID: 39651809
Ok - this will check all domain controllers?
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:mjm21
ID: 39651822
Run and get this error:  

An empty pipe element is not allowed.
At line:34 char:1
0
 

Author Comment

by:mjm21
ID: 39651894
Ok - it is working now.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39651990
There is a type.. You need to change the last lines to
} | select samaccountname,displayname,accountisdisabled,lastlogon,dn,parentcontainerdn,homemdb,msexchhomeservername |
Export-Csv C:\report.csv -nti

Open in new window

0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question