When a user logs on to a computer that is joined to Active Directory, the directory stores the user's logon date and time. We need the AD user's last logon to identify when the user last logged on and to find stale user accounts.
In this article, I will explain how to get the AD user last logon date and time. We will discuss different ways to get the Active Directory user last logon datetime using PowerShell.
Use the PowerShell Get-ADUser cmdlet to get the Active Directory last logon date. The last logon date and time is stored in the lastlogon attribute.
Get AdUser Last Logon using PowerShell
Use the following PowerShell script to get the AD user last logon date time and related user properties:
Get-ADUser -Identity Toms -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}}
The above Get-ADUser command gets the AD user LastLogon date time and prints the output on the console as below:
Name      LastLogon
----      ---------
Tom Smith 7/30/2021 1:50:25 PM
The lastlogon property returns a number that is not in DateTime or human-readable format. Using the DateTime expression, we convert it to a readable DateTime format.
Get AdUser Last Logon using Attributes Editor
You can get the Active Directory user lastlogon using the Attribute Editor.
Follow the steps below to get the AD user lastlogon:
Open ADUC (Active Directory Users and Computers)
Open the Active Directory Users and Computers MMC snap-in. To open it, type dsa.msc in Run.
Go to the View menu and click on Advanced Features to enable it. If it is not turned on, the user properties will not display the Attribute Editor tab.

Select User
Select the Active Directory user for which you want to get the last logon date time.
Right-click on the user and click Properties to open the Properties dialog window.
Select Attribute Editor to view the AD user lastlogon
Click on the Attribute Editor tab to see the Active Directory user last logon and other attributes.
Refer to the image below and check the lastLogon attribute marked in red to get the AD user logon date time.

Note: An AD user has both lastlogon and lastLogonTimestamp attributes. Use the lastlogon attribute to get the accurate last logon datetime of the user. The lastLogonTimestamp attribute value is updated within 14 days, so it may not be accurate all the time.
PowerShell Last Logon All Users in Domain
If you want to get the last logon for all users in the domain, run the command below:
Get-ADUser -Filter * -Properties lastLogon | Select samaccountname, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}}
In the above PowerShell script:
The Get-ADUser cmdlet gets all the users in the domain using the Filter parameter and passes the output to the second command.
The second command selects the samaccountname and lastlogon properties and prints them on the terminal.
The lastlogon attribute returns the timestamp as a number, which is not in a human-readable format. Using the DateTime expression, we convert it to a readable DateTime format.
The output of the above PowerShell script to get the last logon for all users in the domain is as below:
samaccountname lastLogon
-------------- ---------
masadmin       7/31/2021 12:33:21 PM
Guest          7/29/2021 14:10:20 AM
krbtgt         7/30/2021 06:08:43 AM
toms           7/28/2021 09:12:56 AM
ErickJ         6/1/2021 11:01:16 AM
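The lastLogon attribute is not replicated between domain controllers, so the command above returns only the value held by the DC that answered the query, and an account that has never logged on there has the value 0, which FromFileTime renders as a date around the year 1601. The script below is an added example, not code from the original article: it queries every DC, keeps the newest lastLogon per user, and marks accounts as stale against a threshold. The 90-day value of $StaleDays and the variable names are assumptions.

```powershell
# Added example: newest lastLogon per user across all domain controllers.
Import-Module ActiveDirectory

$StaleDays = 90                                # assumed threshold ("X days")
$cutoff    = (Get-Date).AddDays(-$StaleDays)
$newest    = @{}                               # samAccountName -> newest record seen

foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $users = Get-ADUser -Filter * -Properties lastLogon `
                            -Server $dc.HostName -ErrorAction Stop
    } catch {
        # A DC that cannot be queried may hold the newest value, so say so.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        continue
    }
    foreach ($u in $users) {
        $raw = [int64]$u.lastLogon             # unset attribute becomes 0
        $key = $u.SamAccountName
        if (-not $newest.ContainsKey($key) -or $raw -gt $newest[$key].Raw) {
            $newest[$key] = [pscustomobject]@{
                Raw     = $raw
                Enabled = $u.Enabled
                Source  = $dc.HostName
            }
        }
    }
}

$report = foreach ($key in $newest.Keys) {
    $entry = $newest[$key]
    # 0 means no logon recorded on any DC; do not convert it to a 1601 date.
    $last  = if ($entry.Raw -gt 0) { [DateTime]::FromFileTime($entry.Raw) } else { $null }
    [pscustomobject]@{
        SamAccountName = $key
        Enabled        = $entry.Enabled
        LastLogon      = $last
        SourceDC       = if ($entry.Raw -gt 0) { $entry.Source } else { $null }
        Stale          = ($null -eq $last) -or ($last -lt $cutoff)
    }
}

$report | Sort-Object LastLogon | Format-Table -AutoSize
```

If a warning is printed for any DC, treat the Stale column as provisional until that DC has been queried as well.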
Conclusion
I hope the above article on getting the AD user last logon date time is helpful to you.
You can use a PowerShell script or the Attribute Editor to get the Active Directory user last logon date and identify stale accounts. If an account has been stale for more than X days, you can delete the disabled AD account. You can find disabled users in an OU and export a list of disabled users to a CSV file.
Read more in the Get-ADUser blog posts where I explained how to get an AD user by email, get AD user properties, and filter Get-ADUser results from a specific OU.