Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

Live Chat

How to generate and export the last logged on users on remote computers report

Written by Lakshmi, IT security team, ManageEngine Updated on November 2025

A system administrator would need to track users' last logon date and time to identify stale accounts, if any, in the organization's Active Directory. On remote computers, it is imperative to check for unauthorized logons to protect the network from potential cyberthreats.

Windows PowerShell

Steps to obtain the last logged on users on remote computers using PowerShell:

  • Identify the domain from which you want to retrieve the report.
  • Identify the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell.
  • The report will be exported in the given format.
  • To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

Get-WinEvent -Computer $serverName -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 1 | Select @{N='User';E={$_.Properties[1].Value}},TimeCreated
 Copied
Click to copy entire script

ADAudit Plus

To obtain the report,

  • Login to ADAudit Plus web console as an administrator.
  • Navigate to the Reports tab and from the Local Logon-Logoff section in the left pane, select Remote Desktop Services Activity report.
  • Select the domain and click Generate.
  • Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

Screenshot:

powershell-get-last-logged-on-user-remote-computer-1

Following are the limitations to obtain a report of the last logged on AD users on remote computers using native tools like Windows PowerShell:

  • The script can be executed only from the computers which has Active Directory Domain Services role and auditing needs to be turned on on each computer.
  • It's difficult to change date formats, and apply different time zones on the date results.
  • It's difficult to export the report in file formats other than CSV.
  • Applying more filters like OU or 'User name starts with' will increase the LDAP query complexity.

ADAudit Plus will generate the report to retrieve the users that last logged on remotely, displayed on a simple and intuitively designed UI.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • Get Your Free Trial
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  •  
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  •  
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By

Meet all auditing and IT security needs with ADAudit Plus.

  • Active Directory
  • File servers
  • Windows server
  • Workstation
  • Compliance
  • Related Products

A single pane of glass for complete Active Directory Auditing and Reporting

Free Trial Get Quote
Email Download Link