I want to know the user details who are all not logged on more then 90days with last logon and logout date and time
this is will need to be run in local client os or VDI, once know the details we need to delete that users on remote servers please help me on this
Maybe this is helpful:
https://sid-500.com/2017/08/29/powershell-how-to-find-out-users-last-logon-get-localuser/
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Hi
Thanks for your reply i try your script it's work but i need to get all remote servers like 200 servers who are all not logged on more then 90days with Date and Time AM/PM including Server name, user name, Last logon time, Last use date time all details i required if got that it will be more help for us.
Thanks for your support
Hi Andreas Baumgarten,
I have Script for Account unknown user profile delete we used that script for all windows 2008R2,Windows 2012R2 servers successfully, Now i need to pull the users report for who are not logged on more than 90days in those servers with Servername, user name, name, sAMAccountname, Logon count, creationdate, lastlogondate, Lastlogoutdate with Time AM/PM all servers are connected with domain only so i need to run the script from local machine or local vdi machine
If i got that details it will be very helpful for me Thanks for your support.
Is it safe to assume that these are users with accounts in the Active Directory? If so you'd have to have had auditing enabled to capture last time an account logged out, and you'd probably have had to been recording that date in a database (or some sort of file) because the security logs would probably have overwritten that information.
The same is true for local machines that also have their own security logs.
An AD account's last login date can be found in the account's LastLogonDate property, but if you have multiple domain controllers that property isn't replicated immediately. Replication takes place an intervals randomly chosen that range from 9 to 14 days.
Hi,
You can get the AD users by filtering with the LastLogonDate property like this
Get-ADUser -Filter * -Properties LastLogonDate | Where-Object {$_.LastLogonDate -le (Get-Date).AddDays(-90)}
Or you can get the user logon history from the EventLog on the DC when you turn on auditing
This link can be helpful
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx
Best Regards,
Ian
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi
Thanks for your reply i try your script it's work but i need to get all remote servers like 200 servers who are all not logged on more then 90days with Date and Time AM/PM including Server name, user name, Last logon time, Last use date time all details i required if got that it will be more help for us.
Thanks for your support
Do the users have AD accounts, or are they local (to the remote servers) users without AD accounts?
Do the remote servers have accounts in the AD or are they stand-alone machines? Do you have domain controllers in those remote locations? If so do they replicate on a regular schedule?
Do you have connectivity to the 200 remote servers (or to remote domain controllers)?
You're leaving out important details in your description of the environment in which you're working. Those absent details make it very difficult to know how to approach your problem!
I see that there is a bit of misunderstanding here, so this is a humble attempt to make the whole thing a bit clearer and help you out. So, based on the requirments you have specified there are 2 possible use cases:
1. Option 1 - You want to get the information of all Active Directroy users, who have been innactive for more than 90 days (no further requirements).
In this particular case we automatically assume that you are refering to Active Directory Users. This is failry easy, using a script from the Social Technet Gallery, published by
Alexandre Augagneur some time ago. I have used the script to create general AD User Reports and can tell you that it working and does a great hob not only getting all users, who have been innactive for a certain period, but also lots of other user related data. The script can be found here:
Generate Excel report based on Active Directory user objects
https://gallery.technet.microsoft.com/scriptcenter/Generate-Excel-report-48c3f3b4
and offers a variety of reporting capabilities. In your particular case you can use the script like this:
Audit-ADAccounts.ps1 -Domain "corpnet.net" -InactiveDays 90
When you download the script you will find out that it also contains examples. which will help you use also other options.
The reporting is done, based on the LastLogonTimeStamp" Attribute of the Active Directory User Account. See this for more information:
“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/396204
2. Option 2 - You want to get the logon information on certain servers, no matter the accounts used (local or Active Directory)
Getting the user logon history is not that trivial as it might sound. It requires the presence of certain Events on each individual server, events which are logged when you turn on Auditing and which have to be analyzed in order to get proper results.
Here are some cool references, which depict each step in details:
Finding User Login History and Last Logon by User Logon Event ID
https://adamtheautomator.com/powershell-user-logon-event-id-history/
Active Directory: How to Get User Login History using PowerShell
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx
The first article not only explains how the whole process looks like, but also offers you a script, which you can use to track down all logins on multiple servers (array of computers). Here is the script synopsis:
This script finds all logon, logoff and total active session times of all users on all computers specified. For this script to function as expected, the advanced AD policies; Audit Logon, Audit Logoff and Audit Other Logon/Logoff Events must be enabled and targeted to the appropriate computers via GPO or local policy.
So the script will give all logon and logoff times of all users and you can filter to get only those who are older than 90 days. You can of course adjust the script to get only those older than 90 days.
I hope I could help you out.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards,
Stoyan
I have Script for Account unknown user profile delete we used that script for all windows 2008R2,Windows 2012R2 servers successfully, Now i need to pull the users report for who are not logged on more than 90days in those servers with Servername, user name, name, sAMAccountname, Logon count, creationdate, lastlogondate, Lastlogoutdate with Time AM/PM all servers are connected with domain only so i need to run the script from local machine or local vdi machine
If i got that details it will be very helpful for me Thanks for your support.
The only place you'll find any "last logout date" in in the security logs. And then, only if you've enabled auditing of those events. Keep in mind that it's unlikely that the security logs will hold that information for 90 days as they will be generating copious volumes of events to satisfy the auditing requirements and will most likely be overwriting events. That means that it's unlikely you'll be able to get that historical information.
10 people are following this question.
