Solved

Powershell Command - Login/logout Report

Posted on 2014-12-01
7
396 Views
Last Modified: 2014-12-04
i am trying to get the information of login time stamps for one user that left the company. ( Active Directory 2008 R2)

Computer Name - Username - Date -
XYZComputer      - User1         - 11/1/14
XYZComputer      - User1         - 11/11/14
XYZComputer      - User1         - 11/14/14
XYZComputer      - User1         - 11/21/14
XYZComputer      - User1         - 11/22/14

and export a CSV
0
Comment
Question by:Jorge Ocampo
  • 3
  • 2
  • 2
7 Comments
 
LVL 23

Expert Comment

by:NVIT
ID: 40474983
I haven't tested this:

Open a CMD prompt

powershell

import-module Active Directory

Get-ADUser -identity user1 -Properties "LastLogonDate" | Export-Csv .\output.csv

Open in new window

0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40476175
on the right track but i would like 30 days minmum of logins with the computer he loged in to
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477081
You will need to query the Security Event Log on the computer in question, not AD.

Something like this script will probably do the trick:
https://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40477100
the script doesnt list -identity do you see it?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477145
No it doesn't, but with the power of Excel it's quite easy to put a filter on and get the info you need.

The output display's like this:
Type: Logoff                 Date:  01/12/2014 19:49:34      Status: Success User:  UserA
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1

Excel > Copy the output into the cell and use Text to Columns with a fixed column width or maybe tab.

Or, you can do a bit of research on the event logs in the security log yourself and tweak this one liner to see if it returns the output:

Get-EventLog Security |? Message -match "domain\user" |? {$_.Eventid -eq "4625" -or $_.Eventid -eq "4647
"}
0
 
LVL 23

Accepted Solution

by:
NVIT earned 500 total points
ID: 40477231
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40481852
Jorge,

I glad it worked out for you.
0

Join & Write a Comment

Suggested Solutions

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now