Need to modify PS script to output creation Date, office, etc....

I have the following script that will dump all my users showing the last login date. But I need to get it to dump the creation time, office and last logon DC.

import-module activedirectory

$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'}

$users | Export-CSV -NoType $LogDir

Any idea how to add that to this script?

Thanks
rdefinoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
footechConnect With a Mentor Commented:
Similar to my statement about finding the last logon DC, you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those.  For a single account it's not too difficult, but when you querying for multiple users it is much more so.

If you're worried about finding unused accounts, then you don't need the most up-to-date or accurate of info.  I would just query the lastlogontimestamp and be done with it.
0
 
footechCommented:
The office and creation date are pretty simple.
$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

Open in new window


However, for the last logon DC you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those, and then choose the corresponding DC that had that date.
0
 
rdefinoAuthor Commented:
Is there a way to script that for the last login DC?

Also how can I have this file get emailed out to a particular address?

thanks
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
footechCommented:
I notice the first line of your script is
Import-Module ActiveDirectory
If you actually can use the AD cmdlets, the code is much simpler

You can see an example with this script from the MS Technet Gallery.
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771

To send an email you can use something like the following.
Send-MailMessage -to "you@company.com" -from "script@company.com" -subject "test" -body "the file is attached" -attachments $LogDir -smtpserver "mail.company.com"

Open in new window

0
 
rdefinoAuthor Commented:
Thanks for the tips.

i did notice that the email I received contained a csv file that was empty but the correct populated file was in the log folder.

Any idea what I missed?
0
 
footechCommented:
There's not much to the command.
If you received an empty file, then the file must have been empty when the command was run.  There's no other possibility that I can think of.
Try the command with some other files.  Just specify the full path to a file for the -attachments parameter.
0
 
rdefinoAuthor Commented:
Does this look correct. I believe I did the attachment section correct but it still sends a empty file. I do noticed the populated file in the folder before the empty one is sent.

import-module activedirectory
Remove-Item e:\scripts\lastlogon\Users-Last-Logon.csv
$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

$users | Export-CSV -NoType $LogDir

Send-MailMessage -to "myemail@ssss.com" -from "myemail@sss.com" -smtpserver "sjmail.cadence.com" -subject "User_Last_login" -body "the file is attached" -attachments "e:\scripts\lastlogon\Users-Last-Logon.csv"
0
 
footechCommented:
I don't see any problem.
Just try running that last command with different files to see what happens.
0
 
rdefinoAuthor Commented:
Hi Footech,

I noticed that this script is not pulling the latest last logon date, it seems it's pulling from one particular dc instead of checking all and pulling the latest date. Like you mentioned.

Is it possible to get the script to do that?

Otherwise the script won';t work for me since the date's will be incorrect.

thanks
0
 
footechCommented:
Your script queries the lastlogontimestamp attribute, which is the same on every DC.  I'd suggest the following as good reading.
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
It will help you understand the difference between the lastlogontimestamp and lastlogon atttributes.
0
 
rdefinoAuthor Commented:
So this is what confuses me. Last logon for a user I know logged into his system today shows from 1-15-2014 and lasttimestamp is from 12-29-14.

I know the lasttimestamp is usually about 12 days old, but what about last logon. I checked these in ADSIedit.

So is there anyway to get an up to date list of user and the last time they logged in? Or am I stuck with the the lasttimestamp a they around 12 days old?

thanks for the article, it definitely was a good read.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.