Home » PowerShell » PowerShell – Get AdUser Last Logon

PowerShell – Get AdUser Last Logon

The Get-AdUser cmdlet in PowerShell is used to retrieve information about Active Directory Users. The Get-AdUser command has a LastLogon attribute which stores the date and time of the user’s last successful logon.

When the user logon to the computer which is in the active directory, it stores the user logon date and time. Active Directory user’s last logon details are used to identify the last time the user logged on and find out the stale user account.

In this article, we will discuss how to get aduser last logon date and time and different ways to get the active directory user last logon datetime using PowerShell.

Use the PowerShell Get-ADUser cmdlet to get the active directory user last logon date. The last Logon date time is stored in the lastlogon attribute.

How to Get AdUser Last Logon using PowerShell

To get aduser last logon date and time for the user in the Active Directory, use the following PowerShell script.

Get-ADUser -Identity Toms -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}}

The Get-AdUser command gets the active directory user’s lastlogon date time. This command uses the Identity parameter to retrieve the users from the Active Directory and Select the LastLogon attribute that stores the date and time of the user’s last successful login.

The LastLogon attribute is a Windows FileTime value, which is a 64-bit integer that represents the number of 100-nanosecond intervals since January 1, 1601 UTC. To convert a Windows FileTime value to a human-readable format date and time, we used the following PowerShell command.

Expression={[DateTime]::FromFileTime($_.LastLogon)

In the above PowerShell Get-AdUser command, it gets ad user LastLogon date time and prints output on the console as below.

Name     LastLogon
----     ---------
Tom Smith 7/30/2021 1:50:25 PM

How to Get AdUser Last Logon using Attributes Editor

You can get active directory user lastlogon using attributes editor.

Follow given below steps to get aduser lastlogon

Open ADUC (Active Directory Users and Computers)

Open Active Directory Users and Computer MMC snap-in. To open type dsa.msc in Run

Go to the View menu and click on Advanced Features to enable it. If it is not turned on, User properties will not display the attributes editor menu.

ADUC - Advanced Features
ADUC – Advanced Features

Select User

Select the active directory user for which you want to get last logon date time.

Right-click on the user and click Properties to open the Properties dialog window.

Select Attribute Editor to View ad user lastlogon

Click on the Attribute Editor tab to see the active directory user last logon and other attributes.

Refer to below image, and check lastLogon attribute marked in red to get ad user logon date time.

Attribute Editor to get ad user last logon
Attribute Editor to get ad user last logon

Note: AD user has lastlogon and lastLogonTimestamp attributes. Use the lastlogon attribute to get accurate lastlogon datetime of user. lastLogonTimestamp attribute value update within 14 days so may not be accurate all the time.

PowerShell Last Logon All Users in Domain

To get the last logon for all users in domain, run the following command.

Get-ADUser -Filter * -Properties lastLogon | Select samaccountname, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}}

The Get-ADUser cmdlet in PowerShell gets all the users in the domain using the Filter parameter and passes the output to the second command.

The second command Select samaccountname, and lastlogon attribute and print it on the terminal.

Lastlogon attribute returns date timestamp in number which is not in a human-readable format. Using the DateTime expression, we convert it to readable DateTime format.

The output of the above PowerShell script to get last logon for all users in the domain as below

samaccountname lastLogon
-------------- ---------
masadmin       7/31/2021 12:33:21 PM
Guest          7/29/2021 14:10:20 AM
krbtgt         7/30/2021 06:08:43 AM
toms           7/28/2021 09:12:56 AM
ErickJ         6/1/2021  11:01:16 AM

Conclusion

I hope the above article to get aduser last logon date time is helpful to you.

You can use PowerShell script or Attribute Editor to get active directory user last logon date and identify stale accounts. If the stale account is more than X days, you can delete the disabled ad account. You can find disabled users in OU and export a list of disabled users to a CSV file.

Read more about on get-aduser blog posts where I explained to get-aduser by email, get aduser properties, get-aduser filter from specific ou

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.