

Scheduled Task: LastLogon PowerShell Script with Email

Posted on 2016-10-25
Medium Priority
Last Modified: 2016-10-31
Good Morning, Experts!

Firstly, I will be the first to admit: I am a PowerShell amateur.

What we are wanting to do is set up a script that will:

- Audit all Active Directory Users, to see when their last logon was (lastlogon)
- Export this information to a .csv file labeled lastlogon-audit-<yyyymmdd>
- Include the following LDAP fields, each in its own column: Login Name, Display Name, Email Address, Description, Account Disabled, Last Logon
- If possible, highlight users who have not logged in for more than 7 days
- Email that report to a specific email address

We have a similar setup for Password Expiration, though that script is more sophisticated, in that it emails the users whose passwords will expire in 14 days, and outlines password rules. That script predates my time here.
Question by:Woodrax
ID: 41859528
Try this.
Gets the info you need (except account disabled, need to find that attribute name), and exports to a csv.

Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name="Last Successful Logon";Expression={[datetime]::FromFileTime($_.'lastLogonTimeStamp')}},mail,displayname,description | Sort-Object "Last Successful Logon" | Export-Csv C:\Powershell\output.csv -NoTypeInformation

This will send you an email with the CSV attachment that was exported to the path of your choice.

Send-MailMessage -From "THEUSERNAME <username@yourdomain.com>" -TO "USERNAME <Validemailaddress@yourdomain.com>" -Subject "SUBJECT DESCRIPTION" -Body "A MESSAGE IN THE BODY." -Attachments "C:\APATHYOUCHOOSE\output.csv" -SmtpServer "YOUR SMTP SERVER"
ID: 41859534
Login name is "samaccountname". I forgot that, so add it to the selection. To make it easier, it is this.

Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name="Last Successful Logon";Expression={[datetime]::FromFileTime($_.'lastLogonTimeStamp')}},samaccountname,mail,displayname,description | Sort-Object "Last Successful Logon" | Export-Csv C:\Powershell\output.csv -NoTypeInformation

Assisted Solution

by:get-ADuser -F ($_.Name -eq "Todd")
get-ADuser -F ($_.Name -eq "Todd") earned 2000 total points
ID: 41859584
Here's the whole thing.  Your date format was tough because you have to manipulate it a bit to put in the format you want.

# Get date values
$Date = Get-Date
[String]$Year = $Date.Year
[String]$Month = $Date.Month
[String]$Day = $Date.Day

# Pad the date parts with leading 0's
If ( $Month.ToString().Length -lt 2 ) { $Month = '0' + $Month }
If ( $Day.ToString().Length -lt 2 ) { $Day = '0' + $Day }

Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name="Last Successful Logon";Expression={[datetime]::FromFileTime($_.'lastLogonTimeStamp')}},samaccountname,useraccountcontrol,mail,displayname,description | Sort-Object "Last Successful Logon" | Export-Csv C:\YOURPATH\lastlogon-audit_$Year$Month$Day.csv -NoTypeInformation

Send-MailMessage -From "ANYNAME <ANYNAME@oxarc.com>" -TO "NAMEOFVALIDEMAILADDRESS <Validemailaddress@yourdomain.com>" -Subject "YOUR SUBJECT" -Body "YOUR BODY OF EMAIL." -Attachments "C:\YOURPATH\lastlogon-audit_$Year$Month$Day.csv" -SmtpServer "YOURMAILSERVER"

The only thing I had trouble with was the disabled accounts.  The only way I could get those is by this:    

Search-ADAccount -AccountDisabled |select name |ft -wrap

This gives you a list by name of the disabled accounts.  But the rest was tested and works here. Just fill in what is needed that fits your environment.  I put them all in caps.

Author Comment

ID: 41862071
You are truly a Gentleman and a Scholar, Mr. netcepter! This is more than I expected!

I apologize in advance, but wanted to see if it is possible to add a little functionality to the script. The purpose of this script is to try and ax the bad habit of supervisors "ignoring" users, and allowing their accounts to remain active, even when they are no longer in use. Is it possible to output accounts that have not been used for X amount of days into the body of the email? I think just having the Display Name, and LastSuccessfulAudit attributes will be plenty of information. What I am really envisioning is outputting any accounts that have not logged in for X or more days, so that we can contact supervisors regarding their users. Would there be a way, in both the Script and the Email Output to sort by date?

I also dorked around a bit, and added the manager attribute. It outputs the information, but is the full AD Attribute output, as opposed to just the Manager's name. Not sure how to parse this down to just the name, as it would appear in the Display Name attribute.

Whatever your answer (even if it is "go pound sand"), thanks a million for all of your help!

Accepted Solution

get-ADuser -F ($_.Name -eq "Todd") earned 2000 total points
ID: 41864336
Thanks.  I have got a lot out of Powershell and this site.  So I try to give back.  I know enough to be dangerous and have a lot of .ps1 saves that can mix and match.  LOL.  Not only that, I am addicted to Powershell so that is my Geek statement of the day.  

So here is what I think you are looking for.  I have notes within the script to help you.  But I think you have a good grasp.  I had to put "DisplayName" and "Name" because we have generic accounts. So for testing I needed to add both.  You can just have "DisplayName" if that works for you. Kind of big, I am sure there is better syntax, but I only know what I know.  :)

# Get date values
$Date = Get-Date
[String]$Year = $Date.Year
[String]$Month = $Date.Month
[String]$Day = $Date.Day
# Pad the date parts with leading 0's
If ( $Month.ToString().Length -lt 2 ) { $Month = '0' + $Month }
If ( $Day.ToString().Length -lt 2 ) { $Day = '0' + $Day }

# This is information you need about your SMTP server
# (placeholder values; fill in what fits your environment)
$smtpServer = "YOURMAILSERVER"
$smtpfrom = "username@yourdomain.com"
$smtpto = "Validemailaddress@yourdomain.com"

$messageSubject = "All Domain Users"
$message = New-Object System.Net.Mail.MailMessage $smtpfrom, $smtpto
$message.Subject = $messageSubject
$message.IsBodyHTML = $true

# Convert to HTML.  You can go to this site to find more color names.
# I use what I can see well. http://www.w3schools.com/colors/colors_names.asp

$a = "<style>"
$a = $a + "BODY{background-color:peachpuff;}"
$a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width: 2px;padding: 1px;border-style: solid;border-color: black;background-color:lightgray;text-align:right}"
$a = $a + "TD{border-width: 2px;padding: 1px;border-style: solid;border-color: black;background-color:whitesmoke}"
$a = $a + "</style>"

# Here is the amount of days.  I picked 10.  You can change the -gt to whatever you want.
# Keep in mind I get a lot of dates of the year 1600.  I think that's because they never logged in.
# Also, because of Exchange I get all the Exchange HealthMailboxes, etc.  But my Domain is
# in the process of cleaning up bad accounts.
# You can limit it by OU and use -searchbase for a specific OU
# Or what I did, and only

# The Manager lookup is skipped for accounts that have no Manager set, so Get-ADUser is never called with an empty identity.
$AllUsers = Get-ADUser -Filter * -Properties DisplayName,lastlogontimestamp,Manager `
            | ? {(((Get-Date) - ([datetime]::FromFileTime($_.lastlogontimestamp))).TotalDays -gt 10)} | Sort-Object lastlogontimestamp `
            | Select name,DisplayName,@{Exp={([datetime]::FromFileTime($_.lastlogontimestamp))};label="Last logon time stamp"},@{n="Manager Name";e={ if ($_.Manager) { (Get-ADUser -Identity $_.Manager -Properties DisplayName).DisplayName } }}

# If you need to export to CSV by the date of the file place what I have below to the $allUsers variable
# Then put -attachments at the end of H1> and the path you exported it to
# |export-csv "C:\powershell\Scripts\lastlogon-audit_$Year$Month$Day.csv" -NoTypeInformation -Delimiter ";"

$message.Body = $AllUsers | ConvertTo-HTML -head $a -body "<H1>Users Not Logged On For Over 10 Days</H1>"

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
# Send the report
$smtp.Send($message)

Author Comment

ID: 41864361
HOLY CRAP! This is an amazing script! Honestly, seeing the awesome output that you have been able to generate through your scripts makes me want to learn more PowerShell. I know it will take time for me to be as talented as you, but this certainly shows the kind of muscle that PowerShell has!

I think you have done way more than enough for me, considering my initial and second requests. I will be posting a separate request for another script, but definitely think you have earned the points here.  :)

Thanks a billion!


Author Closing Comment

ID: 41864364
Amazing scripts, with so much more than I even thought possible. Wish I could double the points.  :)
ID: 41864451
Thanks much. Glad I could help.     Happy Powershelling....
ID: 41864478
Lastly,  I have always got confused with LastLogonTimeStamp, and LastLogon.  

Replace LastLogonTimeStamp with  LastLogon in your script and you may like the output better.  I think LastLogon is better.  I gave you the stamp. You can research if you want, but both work.
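
An added example, not part of the original thread or any poster's script: lastLogon is stored separately on each domain controller and is not replicated, while lastLogonTimestamp is replicated but by default only refreshed once the stored value is roughly 9 to 14 days old, so a 7 or 10 day threshold needs the newest lastLogon across all DCs. The sketch below does that, takes "Account Disabled" from the Enabled property, and treats never-logged-on accounts explicitly instead of as dates in 1601; the path and the 7-day threshold are assumptions taken from the question.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$StaleDays = 7                                   # assumption: threshold from the question
$Cutoff    = (Get-Date).AddDays(-$StaleDays)
$CsvPath   = "C:\YOURPATH\lastlogon-audit-$(Get-Date -Format 'yyyyMMdd').csv"   # placeholder path

# lastLogon is per-DC, so ask every DC and keep the newest value per account.
$Newest = @{}
foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-ADUser -Filter * -Server $dc.HostName -Properties lastLogon -ErrorAction Stop |
            ForEach-Object {
                $ft = [int64]$_.lastLogon        # $null (never logged on here) becomes 0
                if ($ft -gt [int64]$Newest[$_.SID.Value]) { $Newest[$_.SID.Value] = $ft }
            }
    } catch {
        # An unreachable DC means the result may under-report recent logons.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
}

$Report = Get-ADUser -Filter * -Properties DisplayName, mail, Description |
    ForEach-Object {
        $ft   = [int64]$Newest[$_.SID.Value]
        # 0 means no DC has ever recorded a logon; keep that as empty, not 1601.
        $last = if ($ft -gt 0) { [datetime]::FromFileTime($ft) } else { $null }
        [pscustomobject]@{
            'Login Name'       = $_.SamAccountName
            'Display Name'     = $_.DisplayName
            'Email Address'    = $_.mail
            'Description'      = $_.Description
            'Account Disabled' = -not $_.Enabled
            'Last Logon'       = $last
            'Stale'            = (-not $last) -or ($last -lt $Cutoff)
        }
    } | Sort-Object 'Last Logon'

$Report | Export-Csv -Path $CsvPath -NoTypeInformation

# Enabled accounts that are stale are the ones worth raising with supervisors.
$Report | Where-Object { $_.Stale -and -not $_.'Account Disabled' } |
    Format-Table 'Display Name', 'Last Logon' -AutoSize
```

The resulting CSV can be attached with the Send-MailMessage call shown earlier in the thread.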

Author Comment

ID: 41866814
Yeah, the lastlogon replacement makes for a cleaner output. Thanks!

Question has a verified solution.