vijayakumarD-1665 asked vijayakumarD-1665 commented

I want to know the users who have not logged on for more than 90 days

I want to know the details of the users who have not logged on for more than 90 days, with last logon and logout date and time.
This will need to be run on a local client OS or VDI. Once we know the details we need to delete those users on remote servers. Please help me with this.

windows-server-powershell

AndreasBaumgarten answered vijayakumarD-1665 commented

Maybe this is helpful:

https://sid-500.com/2017/08/29/powershell-how-to-find-out-users-last-logon-get-localuser/


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


Hi

Thanks for your reply. I tried your script and it works, but I need to get this for all remote servers, about 200 servers: the users who have not logged on for more than 90 days, with date and time (AM/PM), including server name, user name, last logon time and last use date/time. I require all of these details; if I get them it will be more helpful for us.

Thanks for your support

0 Votes 0 ·

Hi Andreas Baumgarten,

I have a script for deleting "Account Unknown" user profiles; we used that script on all Windows 2008R2 and Windows 2012R2 servers successfully. Now I need to pull a report of the users who have not logged on for more than 90 days on those servers, with server name, user name, name, sAMAccountName, logon count, creation date, last logon date and last logout date with time (AM/PM). All servers are connected to the domain only, so I need to run the script from a local machine or local VDI machine.

If I get those details it will be very helpful for me. Thanks for your support.

0 Votes 0 ·
RichMatheisen-8856 answered vijayakumarD-1665 commented

Is it safe to assume that these are users with accounts in the Active Directory? If so, you'd have to have had auditing enabled to capture the last time an account logged out, and you'd probably have had to have been recording that date in a database (or some sort of file) because the security logs would probably have overwritten that information.

The same is true for local machines that also have their own security logs.

An AD account's last login date can be found in the account's LastLogonDate property, but if you have multiple domain controllers that property isn't replicated immediately. Replication takes place at intervals randomly chosen that range from 9 to 14 days.
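
Because of the replication lag described above, an account close to the 90-day cutoff can be misjudged from LastLogonDate alone. The following is an added example, not code from any poster in this thread: it reads the non-replicated `lastLogon` attribute from every domain controller and keeps the newest value per account. It assumes the ActiveDirectory module is installed and every DC is reachable; the CSV path is a placeholder.

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and read access to every DC.
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-90)
$fmt    = 'yyyy-MM-dd hh:mm:ss tt'   # 12-hour clock with AM/PM
$seen   = @{}                        # sAMAccountName -> record aggregated across all DCs

foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $users = Get-ADUser -Filter 'Enabled -eq $true' -Server $dc.HostName `
                     -Properties lastLogon, logonCount, whenCreated -ErrorAction Stop
    } catch {
        # A skipped DC may hold the newest logon, so treat the report as incomplete.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        continue
    }
    foreach ($u in $users) {
        if (-not $seen.ContainsKey($u.SamAccountName)) {
            $seen[$u.SamAccountName] = [pscustomobject]@{
                Name = $u.Name; SamAccountName = $u.SamAccountName
                Created = $u.whenCreated; LogonCount = 0; LastLogon = $null
            }
        }
        $rec = $seen[$u.SamAccountName]
        $rec.LogonCount += [int]$u.logonCount      # logonCount is also kept per DC
        if ($u.lastLogon -gt 0) {                  # 0 or empty: never authenticated on this DC
            $t = [DateTime]::FromFileTime($u.lastLogon)
            if (-not $rec.LastLogon -or $t -gt $rec.LastLogon) { $rec.LastLogon = $t }
        }
    }
}

# Keep accounts that never logged on or whose newest logon is older than the cutoff.
$seen.Values |
    Where-Object { -not $_.LastLogon -or $_.LastLogon -lt $cutoff } |
    Sort-Object LastLogon |
    Select-Object Name, SamAccountName, LogonCount,
        @{ n = 'Created';   e = { $_.Created.ToString($fmt) } },
        @{ n = 'LastLogon'; e = { if ($_.LastLogon) { $_.LastLogon.ToString($fmt) } else { 'never' } } } |
    Export-Csv -Path .\inactive-ad-users.csv -NoTypeInformation
```

Accounts that have never logged on appear with `never`; review those separately from accounts that simply went stale before disabling or deleting anything.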


I checked but it is not working as per my expectation

0 Votes 0 ·
IanXue-MSFT answered vijayakumarD-1665 commented

Hi,

You can get the AD users by filtering with the LastLogonDate property like this:

 Get-ADUser -Filter * -Properties LastLogonDate | Where-Object {$_.LastLogonDate -le (Get-Date).AddDays(-90)}

Or you can get the user logon history from the EventLog on the DC when you turn on auditing.

This link can be helpful
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx

Best Regards,
Ian
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Hi

Thanks for your reply. I tried your script and it works, but I need to get this for all remote servers, about 200 servers: the users who have not logged on for more than 90 days, with date and time (AM/PM), including server name, user name, last logon time and last use date/time. I require all of these details; if I get them it will be more helpful for us.

Thanks for your support

0 Votes 0 ·

Do the users have AD accounts, or are they local (to the remote servers) users without AD accounts?

Do the remote servers have accounts in the AD or are they stand-alone machines? Do you have domain controllers in those remote locations? If so do they replicate on a regular schedule?

Do you have connectivity to the 200 remote servers (or to remote domain controllers)?

You're leaving out important details in your description of the environment in which you're working. Those absent details make it very difficult to know how to approach your problem!

1 Vote 1 ·

I checked but it is not working like my related; something is missing

0 Votes 0 ·
StoyanChalakov answered vijayakumarD-1665 commented

Hi @vijayakumarD-1665,

I see that there is a bit of misunderstanding here, so this is a humble attempt to make the whole thing a bit clearer and help you out. So, based on the requirements you have specified, there are 2 possible use cases:

1. Option 1 - You want to get the information of all Active Directory users who have been inactive for more than 90 days (no further requirements).

In this particular case we automatically assume that you are referring to Active Directory users. This is fairly easy, using a script from the Social Technet Gallery, published by Alexandre Augagneur some time ago. I have used the script to create general AD User Reports and can tell you that it works and does a great job not only getting all users who have been inactive for a certain period, but also lots of other user-related data. The script can be found here:

Generate Excel report based on Active Directory user objects
https://gallery.technet.microsoft.com/scriptcenter/Generate-Excel-report-48c3f3b4

and offers a variety of reporting capabilities. In your particular case you can use the script like this:

 Audit-ADAccounts.ps1 -Domain "corpnet.net" -InactiveDays 90

When you download the script you will find out that it also contains examples, which will help you use other options as well.

The reporting is done based on the "LastLogonTimeStamp" attribute of the Active Directory user account. See this for more information:

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/8220-the-lastlogontimestamp-attribute-8221-8211-8220-what-it-was/ba-p/396204

2. Option 2 - You want to get the logon information on certain servers, no matter the accounts used (local or Active Directory)

Getting the user logon history is not as trivial as it might sound. It requires the presence of certain events on each individual server, events which are logged when you turn on auditing and which have to be analyzed in order to get proper results.

Here are some cool references, which depict each step in detail:

Finding User Login History and Last Logon by User Logon Event ID
https://adamtheautomator.com/powershell-user-logon-event-id-history/

Active Directory: How to Get User Login History using PowerShell
https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx

The first article not only explains what the whole process looks like, but also offers you a script, which you can use to track down all logins on multiple servers (array of computers). Here is the script synopsis:

This script finds all logon, logoff and total active session times of all users on all computers specified. For this script to function as expected, the advanced AD policies; Audit Logon, Audit Logoff and Audit Other Logon/Logoff Events must be enabled and targeted to the appropriate computers via GPO or local policy.

So the script will give all logon and logoff times of all users and you can filter to get only those who are older than 90 days. You can of course adjust the script to get only those older than 90 days.

I hope I could help you out.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards,
Stoyan
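
Option 2 as an added example (not the script from the linked article and not any poster's code): it reads logon (4624) and logoff (4634) events from each server's Security log and records how far back that log reaches, because a log shorter than 90 days cannot prove inactivity. It assumes logon/logoff auditing is enabled and remote event log access is allowed; `servers.txt` and the CSV path are placeholders.

```powershell
# Added example. servers.txt (one host name per line) and the CSV path are placeholders.
$servers = Get-Content .\servers.txt
$cutoff  = (Get-Date).AddDays(-90)
$fmt     = 'yyyy-MM-dd hh:mm:ss tt'   # 12-hour clock with AM/PM

$report = foreach ($server in $servers) {
    try {
        # The oldest record still in the log shows how far back this server's history reaches.
        $oldest = Get-WinEvent -ComputerName $server -LogName Security -Oldest -MaxEvents 1 -ErrorAction Stop
        # 4624 = logon, 4634 = logoff; both exist only if logon/logoff auditing is enabled.
        $events = Get-WinEvent -ComputerName $server -ErrorAction Stop `
                      -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634 }
    } catch {
        Write-Warning "${server}: $($_.Exception.Message)"
        continue
    }
    $rows = foreach ($e in $events) {
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        # Interactive (2), Remote Desktop (10) and cached interactive (11) sessions only.
        if ($d.LogonType -in '2', '10', '11') {
            [pscustomobject]@{
                User = "$($d.TargetDomainName)\$($d.TargetUserName)"; Id = $e.Id; Time = $e.TimeCreated
            }
        }
    }
    foreach ($g in ($rows | Group-Object User)) {
        $on   = ($g.Group | Where-Object { $_.Id -eq 4624 } | Sort-Object Time | Select-Object -Last 1).Time
        $off  = ($g.Group | Where-Object { $_.Id -eq 4634 } | Sort-Object Time | Select-Object -Last 1).Time
        $last = ($g.Group | Sort-Object Time | Select-Object -Last 1).Time
        [pscustomobject]@{
            Server          = $server
            User            = $g.Name
            LastLogon       = if ($on)  { $on.ToString($fmt) }
            LastLogoff      = if ($off) { $off.ToString($fmt) }
            Inactive90Days  = $last -lt $cutoff
            LogStartsAt     = $oldest.TimeCreated.ToString($fmt)
            # False means the log is too short for this server's result to be conclusive.
            LogCovers90Days = $oldest.TimeCreated -le $cutoff
        }
    }
}
$report | Export-Csv -Path .\server-logon-report.csv -NoTypeInformation
```

An account that is absent from a server's rows can be treated as inactive there only when `LogCovers90Days` is true for that server.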









I have a script for deleting "Account Unknown" user profiles; we used that script on all Windows 2008R2 and Windows 2012R2 servers successfully. Now I need to pull a report of the users who have not logged on for more than 90 days on those servers, with server name, user name, name, sAMAccountName, logon count, creation date, last logon date and last logout date with time (AM/PM). All servers are connected to the domain only, so I need to run the script from a local machine or local VDI machine.

If I get those details it will be very helpful for me. Thanks for your support.

0 Votes 0 ·

The only place you'll find any "last logout date" is in the security logs. And then, only if you've enabled auditing of those events. Keep in mind that it's unlikely that the security logs will hold that information for 90 days as they will be generating copious volumes of events to satisfy the auditing requirements and will most likely be overwriting events. That means that it's unlikely you'll be able to get that historical information.

0 Votes 0 ·

Thanks for your reply and support, it is useful for me

0 Votes 0 ·