Scheduled Task: LastLogon PowerShell Script with Email
Good Morning, Experts!
Firstly, I will be the first to admit: I am a PowerShell amateur.
What we are wanting to do is setup a script that will:
- Audit all Active Directory Users, to see when their last logon was (lastlogon)
- Export this information to a .csv file labeled lastlogon-audit-<yyyymmdd>
- Include the following LDAP fields, each in its own column: Login Name, Display Name, Email Address, Description, Account Disabled, Last Logon
- If possible, highlight users who have not logged in for more than 7 days
- Email that report to a specific email address
We have a similar setup for Password Expiration, though that script is more sophisticated, in that it emails the users whose passwords will expire in 14 days, and outlines password rules. That script predates my time here.
Firstly, I will be the first to admit: I am a PowerShell amateur.
What we are wanting to do is setup a script that will:
- Audit all Active Directory Users, to see when their last logon was (lastlogon)
- Export this information to a .csv file labeled lastlogon-audit-<yyyymmdd>
- Include the following LDAP fields, each in its own column: Login Name, Display Name, Email Address, Description, Account Disabled, Last Logon
- If possible, highlight users who have not logged in for more than 7 days
- Email that report to a specific email address
We have a similar setup for Password Expiration, though that script is more sophisticated, in that it emails the users whose passwords will expire in 14 days, and outlines password rules. That script predates my time here.
login name is "samaccountname" I forgot that so add in this the selection so to make it easier it is this.
Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name=”Last Successful Logon”;Expression={[dateti
Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name=”Last Successful Logon”;Expression={[dateti
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You are truly a Gentleman and a Scholar, Mr. netcepter! This is more than I expected!
I apologize in advance, but wanted to see if it is possible to add a little functionality to the script. The purpose of this script is to try and ax the bad habit of supervisors "ignoring" users, and allowing their accounts to remain active, even when they are no longer in use. Is it possible to output accounts that have not been used for X amount of days into the body of the email? I think just having the Display Name, and LastSuccessfulAudit attributes will be plenty of information. What I am really envisioning is outputting any accounts that have not logged in for X or more days, so that we can contact supervisors regarding their users. Would there be a way, in both the Script and the Email Output to sort by date?
I also dorked around a bit, and added the manager attribute. It outputs the information, but is the full AD Attribute output, as opposed to just the Manager's name. Not sure how to parse this down to just the name, as it would appear in the Display Name attribute.
Whatever your answer (even if it is "go pound sand"), thanks a million for all of your help!
I apologize in advance, but wanted to see if it is possible to add a little functionality to the script. The purpose of this script is to try and ax the bad habit of supervisors "ignoring" users, and allowing their accounts to remain active, even when they are no longer in use. Is it possible to output accounts that have not been used for X amount of days into the body of the email? I think just having the Display Name, and LastSuccessfulAudit attributes will be plenty of information. What I am really envisioning is outputting any accounts that have not logged in for X or more days, so that we can contact supervisors regarding their users. Would there be a way, in both the Script and the Email Output to sort by date?
I also dorked around a bit, and added the manager attribute. It outputs the information, but is the full AD Attribute output, as opposed to just the Manager's name. Not sure how to parse this down to just the name, as it would appear in the Display Name attribute.
Whatever your answer (even if it is "go pound sand"), thanks a million for all of your help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HOLY CRAP! This is an amazing script! Honestly, seeing the awesome output that you have been able to generate through your scripts makes me want to learn more PowerShell. I know it will take time for me to be as talented as you, but this certainly shows the kind of muscle that PowerShell has!
I think you have done way more than enough for me, considering my initial and second requests. I will be posting a separate request for another script, but definitely think you have earned the points here. :)
Thanks a billion!
Mat
I think you have done way more than enough for me, considering my initial and second requests. I will be posting a separate request for another script, but definitely think you have earned the points here. :)
Thanks a billion!
Mat
ASKER
Amazing scripts, with so much more than I even thought possible. Wish I could double the points. :)
Thanks much. Glad I could help. Happy Powershelling....
Lastly, I have always got confused with LastLogonTimeStamp, and LastLogon.
Replace LastLogonTimeStamp with LastLogon in your script and you may like the output better. I think LastLogon is better. I gave you the stamp. You can research if you want, but both work.
Replace LastLogonTimeStamp with LastLogon in your script and you may like the output better. I think LastLogon is better. I gave you the stamp. You can research if you want, but both work.
ASKER
Yeah, the lastlogon replacement makes for a cleaner output. Thanks!
Gets the info you need (except account disabled, need to find that attribute name), and exports to a csv.
Get-ADUser -Filter * -Properties * | Select-Object Name, @{Name=”Last Successful Logon”;Expression={[dateti
This will send you and email of the CSV attachment that was exported to the path of your choice.
Send-MailMessage -From "THEUSERNAME <username@yourdomain.com>"