Extract lastlogon AD attrib from each DC on domain and select Inactive Accounts that have not logged on for 30 days - PowerShellCommunity.org - Windows PowerShell Discussion Forums - Using PowerShell

Extract lastlogon AD attrib from each DC on domain and select Inactive Accounts that have not logged on for 30 days

Last Post 24 Feb 2011 01:54 AM by jvc. 2 Replies.

Sort:

	Prev Next
You are not authorized to post a reply.

Author

Messages

get-james

New Member
Posts:59
Avatar

30 Jan 2011 12:32 AM
All, I have created the following PS script which extracts the following AD attribs from each DC, so you can select inactive accounts: samaccountname, lastlogon, pwdlastset, lastlogontimestamp I have tested this on PS2.0 agaist Win2003 & Win2008R2 DCs. If you can see any improvments or changes that would make it better, I would love to know: #Get all domain controllers for the current domain $StrDCs = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain() \| foreach{$_.DomainControllers\| foreach{$_.Name}} $StrAllResults = $null $StrDCs \| foreach-object { $Erroractionpreference = "Silentlycontinue" $strFilter = "(&(objectCategory=person)(objectClass=user))" $StrEachDC = "LDAP://"+$_.split(".")[0] $objDomain = New-Object System.DirectoryServices.DirectoryEntry $StrEachDC $objSearcher = New-Object System.DirectoryServices.DirectorySearcher $objSearcher.SearchRoot = $objDomain $objSearcher.PageSize = 100 $objSearcher.Filter = $strFilter $objSearcher.SearchScope = "Subtree" $strProps = "samaccountname,lastlogon,pwdlastset,lastlogontimestamp" $strProps.split(",") \| %{[void]$objSearcher.PropertiesToLoad.Add($_);} $StrResults = $objSearcher.findall() $Erroractionpreference = "Continue" $StrAllResults += $StrResults Write-host "Finshed extracting information from $_" } # Group Account per samaccountName $StrAllResultsGrouped = $null $StrAllResultsGrouped = $StrAllResults \| Group {$_.Properties.samaccountname} # Format results at get date values $StrAllResultsMostRecentPerDC = $null $StrAllResultsMostRecentPerDC = $StrAllResultsGrouped \| Foreach-object {$_.Group \| Foreach-object ` { $_ \| Select-Object ` @{n="LogonDomainController";Expression={($_ \| select path).path.split("/")[2]}}, @{n="samaccountname";Expression={$_.properties.samaccountname}}, @{n="pwdlastset";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.pwdlastset)))}}, @{n="lastlogon";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.lastlogon)))}}, @{n="Lastlogontimestamp";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.lastlogontimestamp)))}} } } # Only select the most recent pwdlastset,lastlogon & Lastlogontimestamp for each samaccountname $StrAllResultsMostRecent = $null $StrAllResultsMostRecent = $StrAllResultsMostRecentPerDC \| Group {$_.samaccountname} \| Foreach-object ` { $StrTemp = @();$_.Group \| Foreach-object {$StrTemp += $_} "" \| Select-Object ` @{n="samaccountname";Expression={ $StrTemp[0].samaccountname}}, @{n="pwdlastset";Expression={($StrTemp \| Select-Object pwdlastset \| Sort-Object {[datetime]::ParseExact($_.pwdlastset,'dd/MM/yyyy HH:mm',$null)} -Descending \| Select-Object -First 1).pwdlastset }}, @{n="lastlogon";Expression={($StrTemp \| Select-Object lastlogon \| Sort-Object {[datetime]::ParseExact($_.lastlogon,'dd/MM/yyyy HH:mm',$null)} -Descending \| Select-Object -First 1).lastlogon }}, @{n="Lastlogontimestamp";Expression={($StrTemp \| Select-Object Lastlogontimestamp \| Sort-Object {[datetime]::ParseExact($_.Lastlogontimestamp,'dd/MM/yyyy HH:mm',$null)} -Descending \| Select-Object -First 1).Lastlogontimestamp}} } Write-Host "Total account in AD: "$StrAllResultsMostRecent.count #Selecting only accounts that have not logged on for 30 days $StrAllResultsInActiveAccount = $StrAllResultsMostRecent \| Where-Object {[datetime]::ParseExact($_.lastlogon,'dd/MM/yyyy HH:mm',$null) -le (date).adddays(-30)} Write-Host "Total accounts that have not logged onto AD in 30 days: "$StrAllResultsInActiveAccount.count # Do something with these AD account: $StrAllResultsInActiveAccount Cheers James
SelectInactiveAccountFromAllDCs.txt

get-james

New Member
Posts:59
Avatar

31 Jan 2011 02:56 AM
Also, if you only want to check the results for one user, just run the following commands: #Single user test: $StrAllResults \| Where {$_.Properties.samaccountname -eq "User01"} \| Foreach-object ` { $_ \| Select-Object ` @{n="LogonDomainController";Expression={($_ \| select path).path.split("/")[2]}}, @{n="UserName";Expression={$_.properties.samaccountname}}, @{n="pwdlastset";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.pwdlastset)))}}, @{n="lastlogon";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.lastlogon)))}}, @{n="Lastlogontimestamp";Expression={"{0:dd/MM/yyyy HH:mm}" -f ([datetime]::fromfiletime([string]($_.Properties.lastlogontimestamp)))}} \| sort lastlogon } \| sort-object {[datetime]::ParseExact($_.lastlogon,'dd/MM/yyyy HH:mm',$null)} -des \| format-List LogonDomainController : DC01 UserName : User01 pwdlastset : 31/12/2010 10:17 lastlogon : 31/12/2010 10:17 Lastlogontimestamp : 31/12/2010 10:17 LogonDomainController : DC02 UserName : User01 pwdlastset : 31/12/2010 10:17 lastlogon : 31/12/2010 10:17 Lastlogontimestamp : 31/12/2010 10:17 LogonDomainController : DC03 UserName : User01 pwdlastset : 31/12/2010 10:17 lastlogon : 01/01/1601 00:00 Lastlogontimestamp : 31/12/2010 10:17

jvc

New Member
Posts:1
Avatar

24 Feb 2011 01:54 AM
Hi, James very good script, but i'm having problems when the samaccountname is Null in AD the user doesn't get returned, any other solution to return all the users? thanks in advance Joe Update: Just figured it out, removing the (objectCategory=person) from the $strFilter= does the job ;) thanks

You are not authorized to post a reply.

Forums > Using PowerShell > Peer Review

Active Forums 4.3