How to generate and export the last logged on users on remote computers report

A system administrator would need to track users' last logon date and time to identify stale accounts, if any, in the organization's Active Directory. On remote computers, it is imperative to check for unauthorized logons to protect the network from potential cyberthreats.

A system administrator would need to track users' last logon date and time to identify stale accounts, if any, in the organization's Active Directory. On remote computers, it is imperative to check for unauthorized logons to protect the network from potential cyberthreats.

Windows PowerShell

Steps to obtain the last logged on users on remote computers using PowerShell:

• Identify the domain from which you want to retrieve the report.
• Identify the LDAP attributes you need to fetch the report.
• Identify the primary DC to retrieve the report.
• Compile the script.
• Execute it in Windows PowerShell.
• The report will be exported in the given format.
• To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

Get-WinEvent -Computer $serverName -FilterHashtable @{Logname='Security';ID=4672} -MaxEvents 1 | Select @{N='User';E={$_.Properties[1].Value}},TimeCreated

 Copied

Click to copy entire script

ADAudit Plus

To obtain the report,

• Login to ADAudit Plus web console as an administrator.
• Navigate to the Reports tab and from the Local Logon-Logoff section in the left pane, select Remote Desktop Services Activity report.
• Select the domain and click Generate.
• Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

Screenshot:

Following are the limitations to obtain a report of the last logged on AD users on remote computers using native tools like Windows PowerShell:

ADAudit Plus will generate the report to retrieve the users that last logged on remotely, displayed on a simple and intuitively designed UI.