How to get LastLogon from ALL Domain Controllers


Thanks to the user Vesper I have been able to get this far with my PowerShell script.

Get-ADDomainController -filter * | 
% {Get-ADUser -Filter "Enabled -eq 'True'" -server $_.name -Properties Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,LastLogon‌​,Manager,Title,Department,Organization,Enabled -SearchBase "DC=REMOVEDFORANONYMITY,DC=com" | 
? {$_.EmployeeID -notlike "EXCLUDE" } | 
Select Name,SamAccountName,Description,EmployeeID,EmployeeNumber,EmailAddress,@{N='Last‌​Logon'; E={[DateTime]::FromFileTime($_.LastLogon)}},Manager,Title,Department,Organizatio‌​n,Enabled | 
Export-Csv "C:\scripts\AD_Export_$($_.name).csv"}

However, when I run this script I get the following errors: error

Is there something I am missing?

I am also wanting to make it to where not only does it grab LastLogon, but also grab LastLogonTimeStamp and then have it use whichever is the most recent. My PowerShell knowledge is very small, can anyone add to my script what is needed? Thanks in advance.


There are 2 answers

1
Mathias R. Jessen On BEST ANSWER

You seem to have pasted the LastLogon, part of the Properties argument from somewhere.

There are two zero-width Unicode characters (U+200C and U+200B) between LastLogon and ,.

Delete it and rewrite it by hand.
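
A way to confirm this diagnosis before retyping anything, as an added example that is not part of the original answers: the function name `Find-InvisibleCharacter` and the sample lines are constructed for illustration. It reports every Unicode format (Cf) or control character in the text, which covers the U+200C and U+200B mentioned above.

```powershell
# Added example: report invisible characters hiding in script text.
function Find-InvisibleCharacter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin { $lineNumber = 0 }
    process {
        foreach ($text in $Line) {
            $lineNumber++
            for ($i = 0; $i -lt $text.Length; $i++) {
                $ch = $text[$i]
                $category = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch)
                # Format (Cf) includes zero-width spaces/joiners, U+FEFF and bidi controls.
                $isFormat = $category -eq [System.Globalization.UnicodeCategory]::Format
                # Control characters other than TAB do not belong inside a source line.
                $isControl = ($category -eq [System.Globalization.UnicodeCategory]::Control) -and
                             ($ch -ne [char]9)
                if ($isFormat -or $isControl) {
                    [pscustomobject]@{
                        Line      = $lineNumber
                        Column    = $i + 1
                        CodePoint = 'U+{0:X4}' -f [int]$ch
                        # Up to 12 visible characters preceding the hit, to locate it by eye.
                        Before    = $text.Substring([Math]::Max(0, $i - 12), [Math]::Min(12, $i))
                    }
                }
            }
        }
    }
}

# Constructed sample: a -Properties list with U+200C and U+200B after LastLogon,
# built from code points so this example itself contains no hidden characters.
$sample = @(
    "Get-ADUser -Filter * -Properties Name,EmailAddress,LastLogon$([char]0x200C)$([char]0x200B),Manager"
    'Select Name,SamAccountName'
)
$sample | Find-InvisibleCharacter | Format-Table -AutoSize

# Against a real file (path is a placeholder):
# Get-Content .\AD_Export.ps1 | Find-InvisibleCharacter
```

The same check is useful on any script pasted from a web page or chat client before it is run with domain privileges, since these characters are invisible in most editors.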

0
Olívio Moura On

You can use my PowerShell code for that. Just use or adapt it to your needs.

Import-Module ActiveDirectory

$properties = ("Name", "SamAccountName", "mail", "lastLogon", "manager", "company", "createTimeStamp", "department", "logonCount", "pwdLastSet", "userPrincipalName", "physicalDeliveryOfficeName", "employeeID", "accountExpires", "division", "msDS-ResultantPSO")
$users = @{}

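# lastLogon is not replicated between DCs, so query every writable DC
# and keep the most recent value seen for each account.
foreach ($hostname in (Get-ADDomainController -Filter { IsReadOnly -eq $false } ).HostName) {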
    foreach ($user in (Get-ADUser -Server $hostname -Filter 'enabled -eq $true' -properties $properties | Select-Object $properties)) {
        if ( $users.Item($user.SamAccountName)) {
            If ( $user.lastLogon -gt $users.Item($user.SamAccountName).lastLogon ) { $users.Item($user.SamAccountName).lastLogon = $user.lastLogon }
            $users.Item($user.SamAccountName).logonCount += $user.logonCount
        }
        else {
            $users.Add( $user.SamAccountName, $user )
        }
    }
}

# Convert the FILETIME values to dates and resolve each manager DN to a name.
$hostname = (Get-ADDomainController -Discover -NextClosestSite).HostName
foreach ( $user in $users.Values ) {
    if ( $user.lastLogon ) { $user.lastLogon = [DateTime]::FromFileTime($user.lastLogon) }
    if ( $user.pwdLastSet ) { $user.pwdLastSet = [DateTime]::FromFileTime($user.pwdLastSet) }
    if ( $user.accountExpires -eq "9223372036854775807" -or $user.accountExpires -eq "0" ) { $user.accountExpires = "never expires" }
    else {
        $user.accountExpires = [DateTime]::FromFileTime($user.accountExpires) 
    }
    if ( $user.manager ) { $user.manager = (Get-ADUser $user.manager -Server "$hostname" -properties Name ).Name }
}

$users.Values | Export-Csv -Path C:\ins\users.csv -NoTypeInformation -Encoding UTF8