/\/\o\/\/ PowerShelled
This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$PreviousItems = (" Some fun With Monads Add-Member, MP3 files and COM "," MSH snap-in to Translate IADsLargeInteger to Int64 "," Commandline editing with MSH. "," MSH Scroll-host function "," Series about Monad on Computerworld "," Watching FSRM Quota and filescreen events from Monad "," More ACL and MSH on MSH for Fun "," Jelle "," Monad and "Jeugd sentiment" "," Monad Beta 3 Docs changes "," ")
Monday, January 23, 2006
get a Users LastLogontime and Domaincontroller from MSH
This script will check all Domaincontrollers for the lastlogontime of a user.
I started this script a while ago (see Monad(MSH) Beta 3 is getting closer ), after this (How can I determine the last time a user logged on to Active Directory? ) scripting guys article.
I wanted to do this in 4 lines from MSH, but I had some problems getting the IADsLargeInteger value (the LastLogon property is stored like one), but as I have written a Snap-in for this, (See
MSH snap-in to Translate IADsLargeInteger to Int64 ), I could now finish it.
This script is not 4 lines, first for readability, and I decided to do some timing in the script also.
the script will list the last logontime from every domaincontroller and keeps a counter running that keeps the time, as I was running this on a worldwide 200 + DC's Domain, I was interested in timing this.
the Output looks like this :
00:00 Site172DC002.Domain.mow.com Never
00:00 Site173dc002.Domain.mow.com Never
00:00 Site172dc001.Domain.mow.com Never
00:03 Site101dc000.Domain.mow.com Never
...
...
06:25 Site101dc002.Domain.mow.com 2005-12-27 13:40:45
06:25 Site101dc001.Domain.mow.com 2005-12-27 13:41:25
06:25 Site102dc000.Domain.mow.com Never
06:25 Site105dc002.Domain.mow.com Never
06:27 Site107dc001.Domain.mow.com Never
06:30 Site123dc000.Domain.mow.com Never
06:35 Site143dc001.Domain.mow.com Never
06:39 Site153dc001.Domain.mow.com Never
06:41 Site163dc001.Domain.mow.com Never
06:42 Site101dc001.Domain.mow.com Never
06:43 Site105dc001.Domain.mow.com Never
06:45 Site144dc001.Domain.mow.com Never
06:45 Site108dc002.Domain.mow.com 2006-01-23 12:10:35
06:45 Site154dc000.Domain.mow.com Never
06:46 Site113dc001.Domain.mow.com Never
06:46 Site183dc001.Domain.mow.com Never
06:46 Site133dc001.Domain.mow.com Never
Checked 231 DC's for CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com in 06:47 Minutes
Server Last Logon : Site108dc002.Domain.mow.com at 2006-01-23 12:10:35
00:00 Site173dc002.Domain.mow.com Never
00:00 Site172dc001.Domain.mow.com Never
00:03 Site101dc000.Domain.mow.com Never
...
...
06:25 Site101dc002.Domain.mow.com 2005-12-27 13:40:45
06:25 Site101dc001.Domain.mow.com 2005-12-27 13:41:25
06:25 Site102dc000.Domain.mow.com Never
06:25 Site105dc002.Domain.mow.com Never
06:27 Site107dc001.Domain.mow.com Never
06:30 Site123dc000.Domain.mow.com Never
06:35 Site143dc001.Domain.mow.com Never
06:39 Site153dc001.Domain.mow.com Never
06:41 Site163dc001.Domain.mow.com Never
06:42 Site101dc001.Domain.mow.com Never
06:43 Site105dc001.Domain.mow.com Never
06:45 Site144dc001.Domain.mow.com Never
06:45 Site108dc002.Domain.mow.com 2006-01-23 12:10:35
06:45 Site154dc000.Domain.mow.com Never
06:46 Site113dc001.Domain.mow.com Never
06:46 Site183dc001.Domain.mow.com Never
06:46 Site133dc001.Domain.mow.com Never
Checked 231 DC's for CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com in 06:47 Minutes
Server Last Logon : Site108dc002.Domain.mow.com at 2006-01-23 12:10:35
(ofcourse I scrabled this a bit, any double DC's are my mistake, not Monads ;-) )
the final script looks like this :
# Check-LastLogon.MSH
# check all Domaincontrollers for the lastlogontime of a user
#
# Uses the Get-IADsLargeInteger Snapin you can find here :
# http://mow001.blogspot.com/2006/01/msh-snap-in-to-translate.html
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
# fill in full DN of user
$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
# Gets UTC offset to translate lastlogon time from UTC to local
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
# Get All Domaincontrollers
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
# Add stopWatch for Timing
$sw = new-object System.Diagnostics.Stopwatch
$sw.start()
# Find Lastlogon times
[dateTime]$MaxLogon = "1-1-1980"
$dcs | foreach {
trap{continue}
# Connect to Domain Controller
$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
# here we do some translations to get the LargeInterger to a Local DateTime Object
$LastLogon = "Never"
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
# Display Time-running DC name and Time
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
"$TimeRunning $($_.name) $LastLogon"
# update $maxlogon if found date is later
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
# Stop Timing
$sw.stop()
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
# Display Summary
"`nChecked $($dcs.count) DC's for $dn in $timeRunning Minutes"
"`nServer Last Logon : $LastServer at $maxlogon"
# check all Domaincontrollers for the lastlogontime of a user
#
# Uses the Get-IADsLargeInteger Snapin you can find here :
# http://mow001.blogspot.com/2006/01/msh-snap-in-to-translate.html
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
# fill in full DN of user
$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
# Gets UTC offset to translate lastlogon time from UTC to local
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
# Get All Domaincontrollers
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
# Add stopWatch for Timing
$sw = new-object System.Diagnostics.Stopwatch
$sw.start()
# Find Lastlogon times
[dateTime]$MaxLogon = "1-1-1980"
$dcs | foreach {
trap{continue}
# Connect to Domain Controller
$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
# here we do some translations to get the LargeInterger to a Local DateTime Object
$LastLogon = "Never"
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
# Display Time-running DC name and Time
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
"$TimeRunning $($_.name) $LastLogon"
# update $maxlogon if found date is later
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
# Stop Timing
$sw.stop()
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
# Display Summary
"`nChecked $($dcs.count) DC's for $dn in $timeRunning Minutes"
"`nServer Last Logon : $LastServer at $maxlogon"
what did you say !!, ... 5 Lines ???
Oops, I overdid the commenting since then LOL :-)
but, remember the scripting guys example only outputs the lastlogon time in the end,
if you remove the comments, timekeeping and status output there is not much left ;-)
$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
[dateTime]$MaxLogon = "1-1-1980";$dcs | foreach {trap{continue};$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
$maxlogon
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
[dateTime]$MaxLogon = "1-1-1980";$dcs | foreach {trap{continue};$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
$maxlogon
enjoy,
gr /\/\o\/\/
Tags : Monad msh
