Solved

Powershell Command - Login/logout Report

Posted on 2014-12-01
7
535 Views
Last Modified: 2014-12-04
i am trying to get the information of login time stamps for one user that left the company. ( Active Directory 2008 R2)

Computer Name - Username - Date -
XYZComputer      - User1         - 11/1/14
XYZComputer      - User1         - 11/11/14
XYZComputer      - User1         - 11/14/14
XYZComputer      - User1         - 11/21/14
XYZComputer      - User1         - 11/22/14

and export a CSV
0
Comment
Question by:Jorge Ocampo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40474983
I haven't tested this:

Open a CMD prompt

powershell

import-module Active Directory

Get-ADUser -identity user1 -Properties "LastLogonDate" | Export-Csv .\output.csv

Open in new window

0
 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40476175
on the right track but i would like 30 days minmum of logins with the computer he loged in to
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477081
You will need to query the Security Event Log on the computer in question, not AD.

Something like this script will probably do the trick:
https://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 2

Author Comment

by:Jorge Ocampo
ID: 40477100
the script doesnt list -identity do you see it?
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40477145
No it doesn't, but with the power of Excel it's quite easy to put a filter on and get the info you need.

The output display's like this:
Type: Logoff                 Date:  01/12/2014 19:49:34      Status: Success User:  UserA
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1
Type: Local Logon       Date:  01/12/2014 19:44:52      Status: Success User:  DWM-1

Excel > Copy the output into the cell and use Text to Columns with a fixed column width or maybe tab.

Or, you can do a bit of research on the event logs in the security log yourself and tweak this one liner to see if it returns the output:

Get-EventLog Security |? Message -match "domain\user" |? {$_.Eventid -eq "4625" -or $_.Eventid -eq "4647
"}
0
 
LVL 24

Accepted Solution

by:
NVIT earned 500 total points
ID: 40477231
0
 
LVL 24

Expert Comment

by:NVIT
ID: 40481852
Jorge,

I glad it worked out for you.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question