question

RohitBoddu-8474 avatar image
0 Votes"
RohitBoddu-8474 asked Chris-1748 answered

Getting list of users who logged in within 5 days..

Hi,

I want to get the list of users who has logged in into server within last 5 days..

i asked one of my users to log in and log out from system .. and i ran the script .. i thought i will get his entry of user logon in list .. but in results it is not appearing ..

i will share script below ..

When we run "Get-AdUser" command will its scope is related to current machine in which the command being run or is it applicable to entire active directory ..

/*

$value = get-aduser -filter -properties | Where-object {$.lastlogondate -ge (get-date).adddays(-5)}
$ulist1= $value1 | Select-object Name, LastLogonDate, SamAccountName

*/

I mean i want to get users who are logged in specific server (in my case i want to get the user list of only my terminal server) and not across all servers ..

Please help me in this to solve this problem ..

Regards,
Rohit..

windows-server-powershell
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

StoyanChalakov avatar image
0 Votes"
StoyanChalakov answered kaylabar-7279 commented

Hi Rohit,

getting the user logon history is not that trivial as it might sound. It requires the presence of certain Events in regards to the particular server, events which are logged when you turn on Auditing and which have to be analyzed in order to get proper results.
Here are some cool references, which depict each step in details:

Finding User Login History and Last Logon by User Logon Event ID
https://adamtheautomator.com/powershell-user-logon-event-id-history/

Active Directory: How to Get User Login History using PowerShell
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx

I am npot quite sure how exactly you get the logon history, but you certainly need audit events for that. So in your case if you don't have such, this might be the cause.

Hope I was able to help. Regards,

(If the reply was helpful please don't forget to upvote or accept as answer, thank you)
Regards,
Stoyan




· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

kaylabar-7279 avatar image kaylabar-7279 ·

Hey this looks great.
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx

I did a search and I need some AD PowerShell extensions? installed to use
Get-ADDomainController
since it does not exist.

Can anyone put me at a guide on installing PowerShell "Extras" or "Extensions" whatever.

I stay away from powershell too often because some package is not installed the command "is not recognized as the name of a cmdlet".

Thanks please help

0 Votes 0 ·
IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT answered IanXue-MSFT edited

Hi,

The LastLogonDate (actually LastLogonTimeStamp) is not updated every time a user logs on to the domain. The attribute is updated only when the difference between current logon time and previous LastLogonTimeStamp value is greater than an interval which is random between 9-14 days by default. In your case you may change the interval (msDS-LogonTimeSyncInterval) to 5 in ADSI Edit.

https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx
https://docs.microsoft.com/en-us/archive/blogs/askds/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works

Best Regards,
Ian
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Chris-1748 avatar image
0 Votes"
Chris-1748 answered

I think it is better you make a simple GPO Logonscript and write the Logoninformation into a text file and analyse this with Excel or other tools.

We do this since many year and save time and problems with all other solutions.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.