Solved

Powershell Command - Login/logout Report

Posted on 2014-12-01
7
491 Views
Last Modified: 2014-12-04
i am trying to get the information of login time stamps for one user that left the company. ( Active Directory 2008 R2)

Computer Name - Username - Date -
XYZComputer      - User1         - 11/1/14
XYZComputer      - User1         - 11/11/14
XYZComputer      - User1         - 11/14/14
XYZComputer      - User1         - 11/21/14
XYZComputer      - User1         - 11/22/14

and export a CSV
0
Comment
Question by:Jorge Ocampo
  • 3
  • 2
  • 2
7 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40474983
I haven't tested this:

Open a CMD prompt

powershell

import-module Active Directory

Get-ADUser -identity user1 -Properties "LastLogonDate" | Export-Csv .\output.csv

Open in new window

0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40476175
on the right track but i would like 30 days minmum of logins with the computer he loged in to
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477081
You will need to query the Security Event Log on the computer in question, not AD.

Something like this script will probably do the trick:
https://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
0
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40477100
the script doesnt list -identity do you see it?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477145
No it doesn't, but with the power of Excel it's quite easy to put a filter on and get the info you need.

The output display's like this:
Type: Logoff                 Date:  01/12/2014 19:49:34      Status: Success User:  UserA
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1

Excel > Copy the output into the cell and use Text to Columns with a fixed column width or maybe tab.

Or, you can do a bit of research on the event logs in the security log yourself and tweak this one liner to see if it returns the output:

Get-EventLog Security |? Message -match "domain\user" |? {$_.Eventid -eq "4625" -or $_.Eventid -eq "4647
"}
0
 
LVL 24

Accepted Solution

by:
NVIT earned 500 total points
ID: 40477231
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40481852
Jorge,

I glad it worked out for you.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question