Solved

Powershell Command - Login/logout Report

Posted on 2014-12-01
7
510 Views
Last Modified: 2014-12-04
i am trying to get the information of login time stamps for one user that left the company. ( Active Directory 2008 R2)

Computer Name - Username - Date -
XYZComputer      - User1         - 11/1/14
XYZComputer      - User1         - 11/11/14
XYZComputer      - User1         - 11/14/14
XYZComputer      - User1         - 11/21/14
XYZComputer      - User1         - 11/22/14

and export a CSV
0
Comment
Question by:Jorge Ocampo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40474983
I haven't tested this:

Open a CMD prompt

powershell

import-module Active Directory

Get-ADUser -identity user1 -Properties "LastLogonDate" | Export-Csv .\output.csv

Open in new window

0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40476175
on the right track but i would like 30 days minmum of logins with the computer he loged in to
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477081
You will need to query the Security Event Log on the computer in question, not AD.

Something like this script will probably do the trick:
https://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40477100
the script doesnt list -identity do you see it?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477145
No it doesn't, but with the power of Excel it's quite easy to put a filter on and get the info you need.

The output display's like this:
Type: Logoff                 Date:  01/12/2014 19:49:34      Status: Success User:  UserA
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1

Excel > Copy the output into the cell and use Text to Columns with a fixed column width or maybe tab.

Or, you can do a bit of research on the event logs in the security log yourself and tweak this one liner to see if it returns the output:

Get-EventLog Security |? Message -match "domain\user" |? {$_.Eventid -eq "4625" -or $_.Eventid -eq "4647
"}
0
 
LVL 24

Accepted Solution

by:
NVIT earned 500 total points
ID: 40477231
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40481852
Jorge,

I glad it worked out for you.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question