PowerShell – Get AdUser Last Logon

When a user logs on to a computer joined to Active Directory, the user's logon date and time are stored. Retrieving an AD user's last logon tells you when the user last logged on and helps you find stale user accounts.

In this article, I will explain how to get an AD user's last logon date and time. We will discuss different ways to get the Active Directory user last logon datetime using PowerShell.

Use the PowerShell Get-ADUser cmdlet to get the Active Directory last logon date. The last logon date and time is stored in the lastLogon attribute.

Get AdUser Last Logon using PowerShell

Use the following PowerShell command to get an AD user's last logon date and time:

Get-ADUser -Identity Toms -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}}

The Get-ADUser command above gets the AD user's LastLogon date and time and prints the output to the console as below:

Name     LastLogon
----     ---------
Tom Smith 7/30/2021 1:50:25 PM

The lastLogon property returns its value as a number, which is not a human-readable datetime format. The DateTime expression converts it to a readable datetime format.

Get AdUser Last Logon using Attributes Editor

You can also get an Active Directory user's lastLogon value using the Attribute Editor.

Follow the steps below to get an AD user's lastLogon value:

Open ADUC (Active Directory Users and Computers)

Open the Active Directory Users and Computers MMC snap-in. To open it, type dsa.msc in Run.

Go to the View menu and click Advanced Features to enable it. If it is not turned on, the user's Properties dialog will not display the Attribute Editor tab.

ADUC - Advanced Features

Select User

Select the Active Directory user for which you want to get the last logon date and time.

Right-click the user and click Properties to open the Properties dialog window.

Select Attribute Editor to View ad user lastlogon

Click the Attribute Editor tab to see the Active Directory user's last logon and other attributes.

In the image below, the lastLogon attribute marked in red shows the AD user's logon date and time.

Attribute Editor to get ad user last logon

Note: An AD user has both lastLogon and lastLogonTimestamp attributes. Use the lastLogon attribute to get the accurate last logon datetime of a user. The lastLogonTimestamp attribute value is updated within 14 days, so it may not be accurate all the time.

PowerShell Last Logon All Users in Domain

If you want to get the last logon for all users in the domain, run the command below:

Get-ADUser -Filter * -Properties lastLogon | Select samaccountname, @{Name="lastLogon";Expression={[datetime]::FromFileTime($_.'lastLogon')}}

In the above PowerShell script:

The Get-ADUser cmdlet gets all the users in the domain using the Filter parameter and passes the output to the second command.

The second command, Select, picks the samaccountname and lastLogon properties and prints them on the terminal.

The lastLogon attribute returns the timestamp as a number, which is not in a human-readable format. The DateTime expression converts it to a readable DateTime format.

The output of the above PowerShell script to get the last logon for all users in the domain is as below:

samaccountname lastLogon
-------------- ---------
masadmin       7/31/2021 12:33:21 PM
Guest          7/29/2021 14:10:20 AM
krbtgt         7/30/2021 06:08:43 AM
toms           7/28/2021 09:12:56 AM
ErickJ         6/1/2021  11:01:16 AM
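
The note above recommends lastLogon for accuracy; that attribute is not replicated between domain controllers, so a single query shows only what the answering DC recorded. The following added example (not from the original article) queries every DC, keeps the newest value per account, and reports accounts that never logged on as empty instead of a date in 1601. The function name Get-LastLogonAcrossDCs and the 90-day stale threshold are assumptions.

```powershell
#Requires -Modules ActiveDirectory

function Get-LastLogonAcrossDCs {
    param([int]$StaleDays = 90)   # assumed threshold, not from the article

    $cutoff = (Get-Date).AddDays(-$StaleDays)
    $latest = @{}   # samAccountName -> newest record seen on any DC

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $users = Get-ADUser -Filter * -Server $dc.HostName -Properties lastLogon -ErrorAction Stop
        }
        catch {
            # A skipped DC means the reported value may be older than the real one.
            Write-Warning "Skipped $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($u in $users) {
            $raw  = [long]$u.lastLogon   # unset attribute ($null) becomes 0
            $seen = $latest[$u.SamAccountName]
            if ($null -eq $seen -or $raw -gt $seen.Raw) {
                $latest[$u.SamAccountName] = [pscustomobject]@{
                    SamAccountName = $u.SamAccountName
                    Enabled        = $u.Enabled
                    Raw            = $raw
                    SourceDC       = $dc.HostName
                }
            }
        }
    }

    foreach ($r in $latest.Values) {
        # FromFileTime(0) would print a date in 1601, so report "never" as $null.
        $when = if ($r.Raw -gt 0) { [DateTime]::FromFileTime($r.Raw) } else { $null }
        [pscustomobject]@{
            SamAccountName = $r.SamAccountName
            Enabled        = $r.Enabled
            LastLogon      = $when
            SourceDC       = $r.SourceDC
            Stale          = ($null -eq $when) -or ($when -lt $cutoff)
        }
    }
}

Get-LastLogonAcrossDCs -StaleDays 90 | Sort-Object LastLogon | Format-Table -AutoSize
```

The script only reads from the directory. Review the Stale rows (service accounts and krbtgt often appear there) before disabling or deleting anything.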

Conclusion

I hope the above article on getting an AD user's last logon date and time is helpful to you.

You can use a PowerShell script or the Attribute Editor to get an Active Directory user's last logon date and identify stale accounts. If an account has been stale for more than X days, you can delete the disabled AD account. You can find disabled users in an OU and export the list of disabled users to a CSV file.

Read more in the Get-ADUser blog posts, where I explained how to get an AD user by email, get AD user properties, and filter Get-ADUser to a specific OU.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.
