?
Solved

Powershell Command - Login/logout Report

Posted on 2014-12-01
7
Medium Priority
?
573 Views
Last Modified: 2014-12-04
i am trying to get the information of login time stamps for one user that left the company. ( Active Directory 2008 R2)

Computer Name - Username - Date -
XYZComputer      - User1         - 11/1/14
XYZComputer      - User1         - 11/11/14
XYZComputer      - User1         - 11/14/14
XYZComputer      - User1         - 11/21/14
XYZComputer      - User1         - 11/22/14

and export a CSV
0
Comment
Question by:Jorge Ocampo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 25

Expert Comment

by:NVIT
ID: 40474983
I haven't tested this:

Open a CMD prompt

powershell

import-module Active Directory

Get-ADUser -identity user1 -Properties "LastLogonDate" | Export-Csv .\output.csv

Open in new window

0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40476175
on the right track but i would like 30 days minmum of logins with the computer he loged in to
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477081
You will need to query the Security Event Log on the computer in question, not AD.

Something like this script will probably do the trick:
https://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
0
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40477100
the script doesnt list -identity do you see it?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477145
No it doesn't, but with the power of Excel it's quite easy to put a filter on and get the info you need.

The output display's like this:
Type: Logoff                 Date:  01/12/2014 19:49:34      Status: Success User:  UserA
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1

Excel > Copy the output into the cell and use Text to Columns with a fixed column width or maybe tab.

Or, you can do a bit of research on the event logs in the security log yourself and tweak this one liner to see if it returns the output:

Get-EventLog Security |? Message -match "domain\user" |? {$_.Eventid -eq "4625" -or $_.Eventid -eq "4647
"}
0
 
LVL 25

Accepted Solution

by:
NVIT earned 1500 total points
ID: 40477231
0
 
LVL 25

Expert Comment

by:NVIT
ID: 40481852
Jorge,

I glad it worked out for you.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question