PowerShell Script to get Last Logon of User

I recently found a PowerShell script that I'm wanting to use to get a list of the most current computers a user is logged into.  The script looks at a domain controller's security logs for this information.  Is there a way to tweak this script so it looks at multiple domain controllers rather than just one?

Here's the script:
function Get-UserComputerName { 
    <# 
.SYNOPSIS 
   Searches a specified Domain Controller for the computername of a logged on user.   
.DESCRIPTION 
   Queries a DC for Event ID 4768 (Kerberos authentication ticket,TGT) request from the servers Security 
   event log. 
.PARAMETER UserName 
   SamAccount name of the user to search for 
.EXAMPLE 
   PS> .\Get-UserComputerName -UserName "John_Doe" -Server "My_DC" 
   Searches for user John_Doe on Domain Controller My_DC 
.EXAMPLE 
    PS> .\Get-UserComputerName -Username "John_Doe" 
    Searches for user John_Doe using the logged on server name for the current user 
    running the script.  
.EXAMPLE  
    PS> .\Get-UserComputerName  
    Searches the current user on the logged on server name 
#> 
 
    param([string]$username = $env:username,[string]$server = $env:logonserver) 
    $ErrorActionPreference = "silentlycontinue" 
    if ($server.StartsWith("\\dc")) {$server = $server.Remove(0,2)} 
 
    $events = Get-WinEvent -ComputerName $server -MaxEvents 5 -FilterHashTable @{logname="security";id=4768;data=$username} 
    # Check if error has been raised from EventLog Query. 
    if (!$?) {Write-Warning "No successful logon events were found on Server: $server for Username: $username"  
        break 
    } 
 
    foreach ($event in $events) { 
        $myObject = New-Object -TypeName system.Object 
        [string]$Computer = $event.message.split("`n") | Select-String "Client Address" 
        $addressLine = $computer.replace("Client Address:",'') 
        $addressLine = $addressLine.trim() 
        if ($addressLine.startswith("::ffff:")) { $address = $addressLine.replace("::ffff:",'') } 
        $DNSResult = [system.Net.Dns]::Resolve($address) 
        $ComputerName = $DNSResult.HostName 
        $timeStamp = $event.timecreated 
 
        $myObject | Add-Member -MemberType noteproperty -Name AuthDC -Value $server 
        $myObject | Add-Member -MemberType noteproperty -Name TimeStamp -Value $timeStamp 
        $myObject | Add-Member -MemberType noteproperty -Name UserName -Value $username 
        $myObject | Add-Member -MemberType noteproperty -Name IPAddress -Value $address 
        $myObject | Add-Member -MemberType noteproperty -Name ComputerName -Value $computerName 
        $myObject 
    } 
}

Open in new window

Sedgwick_CountyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SubsunCommented:
I presume the code which you posted works for you on single DC. If yes, here is the modified version of your code..
function Get-UserComputerName { 
    <# 
.SYNOPSIS 
   Searches a specified Domain Controller for the computername of a logged on user.   
.DESCRIPTION 
   Queries a DC for Event ID 4768 (Kerberos authentication ticket,TGT) request from the servers Security 
   event log. 
.PARAMETER UserName 
   SamAccount name of the user to search for 
.EXAMPLE 
   PS> .\Get-UserComputerName -UserName "John_Doe" -Server "My_DC" 
   Searches for user John_Doe on Domain Controller My_DC 
.EXAMPLE 
    PS> .\Get-UserComputerName -Username "John_Doe" 
    Searches for user John_Doe using the logged on server name for the current user 
    running the script.  
.EXAMPLE  
    PS> .\Get-UserComputerName  
    Searches the current user on the logged on server name 
#> 
 
    param([string]$username = $env:username,[string[]]$server = $env:logonserver) 
    $ErrorActionPreference = "silentlycontinue"
		$server | %{
		$server = $_
    if ($server.StartsWith("\\dc")) {$server = $server.Remove(0,2)} 
 
    $events = Get-WinEvent -ComputerName $server -MaxEvents 5 -FilterHashTable @{logname="security";id=4768;data=$username} 
    # Check if error has been raised from EventLog Query. 
    if (!$?) {Write-Warning "No successful logon events were found on Server: $server for Username: $username"  
    }Else{ 
 
    foreach ($event in $events) { 
        $myObject = New-Object -TypeName system.Object 
        [string]$Computer = $event.message.split("`n") | Select-String "Client Address" 
        $addressLine = $computer.replace("Client Address:",'') 
        $addressLine = $addressLine.trim() 
        if ($addressLine.startswith("::ffff:")) { $address = $addressLine.replace("::ffff:",'') } 
        $DNSResult = [system.Net.Dns]::Resolve($address) 
        $ComputerName = $DNSResult.HostName 
        $timeStamp = $event.timecreated 
 
        $myObject | Add-Member -MemberType noteproperty -Name AuthDC -Value $server 
        $myObject | Add-Member -MemberType noteproperty -Name TimeStamp -Value $timeStamp 
        $myObject | Add-Member -MemberType noteproperty -Name UserName -Value $username 
        $myObject | Add-Member -MemberType noteproperty -Name IPAddress -Value $address 
        $myObject | Add-Member -MemberType noteproperty -Name ComputerName -Value $computerName 
        $myObject 
    }
   }
  }
}

Open in new window


Usage..
.\Get-UserComputerName -UserName "John_Doe" -Server "My_DC1","My_DC2"

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.