How to generate and export the last logged on users on remote computers report
A system administrator would need to track users' last logon date and time to identify stale accounts, if any, in the organization's Active Directory. On remote computers, it is imperative to check for unauthorized logons to protect the network from potential cyberthreats.
A system administrator would need to track users' last logon date and time to identify stale accounts, if any, in the organization's Active Directory. On remote computers, it is imperative to check for unauthorized logons to protect the network from potential cyberthreats.
Windows PowerShell
Steps to obtain the last logged on users on remote computers using PowerShell:
- Identify the domain from which you want to retrieve the report.
- Identify the LDAP attributes you need to fetch the report.
- Identify the primary DC to retrieve the report.
- Compile the script.
- Execute it in Windows PowerShell.
- The report will be exported in the given format.
- To obtain the report in a different format, modify the script accordingly.
Sample Windows PowerShell script
Get-WinEvent -Computer $serverName -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 1 | Select @{N='User';E={$_.Properties[1].Value}},TimeCreated
Copied
Click to copy entire script
ADAudit Plus
To obtain the report,
- Login to ADAudit Plus web console as an administrator.
- Navigate to the Reports tab and from the Local Logon-Logoff section in the left pane, select Remote Desktop Services Activity report.
- Select the domain and click Generate.
- Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
Screenshot:
Following are the limitations to obtain a report of the last logged on AD users on remote computers using native tools like Windows PowerShell:
- The script can be executed only from the computers which has Active Directory Domain Services role and auditing needs to be turned on on each computer.
- It's difficult to change date formats, and apply different time zones on the date results.
- It's difficult to export the report in file formats other than CSV.
- Applying more filters like OU or 'User name starts with' will increase the LDAP query complexity.
ADAudit Plus will generate the report to retrieve the users that last logged on remotely, displayed on a simple and intuitively designed UI.