• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Need to modify PS script to output creation Date, office, etc....

I have the following script that will dump all my users showing the last login date. But I need to get it to dump the creation time, office and last logon DC.

import-module activedirectory

$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'}

$users | Export-CSV -NoType $LogDir

Any idea how to add that to this script?

Thanks
0
rdefino
Asked:
rdefino
  • 6
  • 5
1 Solution
 
footechCommented:
The office and creation date are pretty simple.
$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

Open in new window


However, for the last logon DC you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those, and then choose the corresponding DC that had that date.
0
 
rdefinoAuthor Commented:
Is there a way to script that for the last login DC?

Also how can I have this file get emailed out to a particular address?

thanks
0
 
footechCommented:
I notice the first line of your script is
Import-Module ActiveDirectory
If you actually can use the AD cmdlets, the code is much simpler

You can see an example with this script from the MS Technet Gallery.
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771

To send an email you can use something like the following.
Send-MailMessage -to "you@company.com" -from "script@company.com" -subject "test" -body "the file is attached" -attachments $LogDir -smtpserver "mail.company.com"

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
rdefinoAuthor Commented:
Thanks for the tips.

i did notice that the email I received contained a csv file that was empty but the correct populated file was in the log folder.

Any idea what I missed?
0
 
footechCommented:
There's not much to the command.
If you received an empty file, then the file must have been empty when the command was run.  There's no other possibility that I can think of.
Try the command with some other files.  Just specify the full path to a file for the -attachments parameter.
0
 
rdefinoAuthor Commented:
Does this look correct. I believe I did the attachment section correct but it still sends a empty file. I do noticed the populated file in the folder before the empty one is sent.

import-module activedirectory
Remove-Item e:\scripts\lastlogon\Users-Last-Logon.csv
$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

$users | Export-CSV -NoType $LogDir

Send-MailMessage -to "myemail@ssss.com" -from "myemail@sss.com" -smtpserver "sjmail.cadence.com" -subject "User_Last_login" -body "the file is attached" -attachments "e:\scripts\lastlogon\Users-Last-Logon.csv"
0
 
footechCommented:
I don't see any problem.
Just try running that last command with different files to see what happens.
0
 
rdefinoAuthor Commented:
Hi Footech,

I noticed that this script is not pulling the latest last logon date, it seems it's pulling from one particular dc instead of checking all and pulling the latest date. Like you mentioned.

Is it possible to get the script to do that?

Otherwise the script won';t work for me since the date's will be incorrect.

thanks
0
 
footechCommented:
Your script queries the lastlogontimestamp attribute, which is the same on every DC.  I'd suggest the following as good reading.
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
It will help you understand the difference between the lastlogontimestamp and lastlogon atttributes.
0
 
rdefinoAuthor Commented:
So this is what confuses me. Last logon for a user I know logged into his system today shows from 1-15-2014 and lasttimestamp is from 12-29-14.

I know the lasttimestamp is usually about 12 days old, but what about last logon. I checked these in ADSIedit.

So is there anyway to get an up to date list of user and the last time they logged in? Or am I stuck with the the lasttimestamp a they around 12 days old?

thanks for the article, it definitely was a good read.
0
 
footechCommented:
Similar to my statement about finding the last logon DC, you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those.  For a single account it's not too difficult, but when you querying for multiple users it is much more so.

If you're worried about finding unused accounts, then you don't need the most up-to-date or accurate of info.  I would just query the lastlogontimestamp and be done with it.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now