How to use PowerShell to get last logon time of Active Directory users

This article explains how to use PowerShell for last logon report generation. While many use a PowerShell command to find last logon time for all users in Active Directory (AD) it is without doubt a very complex and effort-intensive option. ADManager Plus, a web-based AD management and reporting solution, includes predefined reports which offer a no PowerShell last logon report generation option. It also eliminates the dependency on PowerShell to export AD users' last logon report.

To use PowerShell to get Active Directory last logon of all users, the get-ADuser cmdlet has to be used along with appropriate filters. For more conditions such as get AD user last logon report for specific OUs, get AD user last logon and export to CSV, etc. the PowerShell script's complexity increases. ADManager Plus' predefined reports make it possible to find last logon time for all users, and also export the report to CSV or any other format with just mouse-clicks based actions. This article explains how ADManager Plus is the simplest and better option compared to PowerShell.

Windows PowerShell

Steps to get inactive AD computers using PowerShell.

  • Ensure you have the necessary permissions to perform this action, and also to execute PowerShell scripts.
  • Get the domain and OU for which you wish to generate this report.
  • Create the script using the Get-ADComputer cmdlet, and execute it in the PowerShell window.

A sample PowerShell script to get AD inactive computers

Import-Module ActiveDirectory
$DaysInactive = 30
$time = (Get-Date).Adddays(-($DaysInactive))

Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -Properties Name, OperatingSystem, SamAccountName, DistinguishedName | Export-CSV “D:\SecurityReports\StaleComputers.CSV” –NoTypeInformation
 Copied
Click to copy entire script

This script will list all computers that have been inactive for 30 days, along with their properties such as sAMAccoutName, and Operating System. It will also export the report to the specific location in CSV format.

ADManager Plus

To generate inactive AD computers report,

  • Select the Inactive Computers report from Computer Reports section in the Reports tab. (For disabled computers, select the Disabled Computers report from Computer Reports in Reports tab.)
  • Select the domains and OUs from which you wish to get all the inactive computers, select the period if inactivity, and click Generate. Click the Export as option, and select the format to export the report.

Screenshot

A screenshot of ADManager Plus with last logon time stamp of all the users in AD

» Start 30-day Free Trial

Limitations of using PowerShell to list last logon of AD users

  • You will not be able to use PowerShell to find last logon for all users if you do not have enough privileges in the AD domains from which you wish to generate this report. With ADManager Plus, as there is no necessity to connect to the DC directly, there is no need to elevate users' or technicians' privileges in native AD.
  • To export AD users last logon report in a different format or to store the report in a different location, the PowerShell script has to be modified. ADManager Plus offers built-in Export as option which allows you to export the report to CSV, PDF, HTML, or XLSX format with just mouse-clicks.
  • If you wish to search the generated AD users' last logon report for any specific record or data, the PowerShell script doesn't offer any option. It also doesn't offer any option to manage the user accounts from the report. ADManager Plus on the other hand offers a built-in search and on-the-fly management actions in all its reports to locate any user easily and move, enable/disable, delete, or reset the desired accounts or modify their attributes, right from the reports.
  • You must know how to execute the scripts from the PowerShell window. As ADManager Plus is purely GUI-based, all management and reporting actions can be performed with just mouse clicks.
  • Just a misplaced hyphen, or a misspelt LDAP attribute name could cause errors. As ADManager Plus is a purely GUI-based solution, it eliminates the need to create or execute complex scripts, closing the door on any chances of error.

Find logon information on Active Directory users from prebuilt reports.

  Get 30-day free trial.
  • Embark on your script-free AD management, reporting, and automation journey with ADManager Plus.
  •  
     
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thanks
  • Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Powershell How-to Guides:

The one-stop solution toActive Directory Management and Reporting

Email Download Link