Solved

Need to modify PS script to output creation Date, office, etc....

Posted on 2015-01-05
11
188 Views
Last Modified: 2015-01-22
I have the following script that will dump all my users showing the last login date. But I need to get it to dump the creation time, office and last logon DC.

import-module activedirectory

$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'}

$users | Export-CSV -NoType $LogDir

Any idea how to add that to this script?

Thanks
0
Comment
Question by:rdefino
  • 6
  • 5
11 Comments
 
LVL 39

Expert Comment

by:footech
Comment Utility
The office and creation date are pretty simple.
$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

Open in new window


However, for the last logon DC you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those, and then choose the corresponding DC that had that date.
0
 

Author Comment

by:rdefino
Comment Utility
Is there a way to script that for the last login DC?

Also how can I have this file get emailed out to a particular address?

thanks
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
I notice the first line of your script is
Import-Module ActiveDirectory
If you actually can use the AD cmdlets, the code is much simpler

You can see an example with this script from the MS Technet Gallery.
https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771

To send an email you can use something like the following.
Send-MailMessage -to "you@company.com" -from "script@company.com" -subject "test" -body "the file is attached" -attachments $LogDir -smtpserver "mail.company.com"

Open in new window

0
 

Author Comment

by:rdefino
Comment Utility
Thanks for the tips.

i did notice that the email I received contained a csv file that was empty but the correct populated file was in the log folder.

Any idea what I missed?
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
There's not much to the command.
If you received an empty file, then the file must have been empty when the command was run.  There's no other possibility that I can think of.
Try the command with some other files.  Just specify the full path to a file for the -attachments parameter.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:rdefino
Comment Utility
Does this look correct. I believe I did the attachment section correct but it still sends a empty file. I do noticed the populated file in the folder before the empty one is sent.

import-module activedirectory
Remove-Item e:\scripts\lastlogon\Users-Last-Logon.csv
$NumDays = 0
$LogDir = "e:\scripts\lastlogon\Users-Last-Logon.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},`
@{e={$_.properties.whencreated};n='Created'},`
@{e={$_.properties.physicaldeliveryofficename};n='Office'}

$users | Export-CSV -NoType $LogDir

Send-MailMessage -to "myemail@ssss.com" -from "myemail@sss.com" -smtpserver "sjmail.cadence.com" -subject "User_Last_login" -body "the file is attached" -attachments "e:\scripts\lastlogon\Users-Last-Logon.csv"
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
I don't see any problem.
Just try running that last command with different files to see what happens.
0
 

Author Comment

by:rdefino
Comment Utility
Hi Footech,

I noticed that this script is not pulling the latest last logon date, it seems it's pulling from one particular dc instead of checking all and pulling the latest date. Like you mentioned.

Is it possible to get the script to do that?

Otherwise the script won';t work for me since the date's will be incorrect.

thanks
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
Your script queries the lastlogontimestamp attribute, which is the same on every DC.  I'd suggest the following as good reading.
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
It will help you understand the difference between the lastlogontimestamp and lastlogon atttributes.
0
 

Author Comment

by:rdefino
Comment Utility
So this is what confuses me. Last logon for a user I know logged into his system today shows from 1-15-2014 and lasttimestamp is from 12-29-14.

I know the lasttimestamp is usually about 12 days old, but what about last logon. I checked these in ADSIedit.

So is there anyway to get an up to date list of user and the last time they logged in? Or am I stuck with the the lasttimestamp a they around 12 days old?

thanks for the article, it definitely was a good read.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
Comment Utility
Similar to my statement about finding the last logon DC, you would have to query every DC for the lastLogon attribute and then determine the latest date from all of those.  For a single account it's not too difficult, but when you querying for multiple users it is much more so.

If you're worried about finding unused accounts, then you don't need the most up-to-date or accurate of info.  I would just query the lastlogontimestamp and be done with it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now