/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" Some fun With Monads Add-Member, MP3 files and COM... "," MSH snap-in to Translate IADsLargeInteger to Int64... "," Commandline editing with MSH. "," MSH Scroll-host function "," Series about Monad on Computerworld "," Watching FSRM Quota and filescreen events from Mon... "," More ACL and MSH on MSH for Fun "," Jelle "," Monad and "Jeugd sentiment" "," Monad Beta 3 Docs changes "," ")

Monday, January 23, 2006


get a Users LastLogontime and Domaincontroller from MSH

This script will check all Domaincontrollers for the lastlogontime of a user.

I started this script a while ago (see Monad(MSH) Beta 3 is getting closer ), after this (How can I determine the last time a user logged on to Active Directory? ) scripting guys article.

I wanted to do this in 4 lines from MSH, but I had some problems getting the IADsLargeInteger value (the LastLogon property is stored like one), but as I have written a Snap-in for this, (See
MSH snap-in to Translate IADsLargeInteger to Int64 ), I could now finish it.

This script is not 4 lines, first for readability, and I decided to do some timing in the script also.

the script will list the last logontime from every domaincontroller and keeps a counter running that keeps the time, as I was running this on a worldwide 200 + DC's Domain, I was interested in timing this.

the Output looks like this :

00:00 Site172DC002.Domain.mow.com Never
00:00 Site173dc002.Domain.mow.com Never
00:00 Site172dc001.Domain.mow.com Never
00:03 Site101dc000.Domain.mow.com Never
06:25 Site101dc002.Domain.mow.com 2005-12-27 13:40:45
06:25 Site101dc001.Domain.mow.com 2005-12-27 13:41:25
06:25 Site102dc000.Domain.mow.com Never
06:25 Site105dc002.Domain.mow.com Never
06:27 Site107dc001.Domain.mow.com Never
06:30 Site123dc000.Domain.mow.com Never
06:35 Site143dc001.Domain.mow.com Never
06:39 Site153dc001.Domain.mow.com Never
06:41 Site163dc001.Domain.mow.com Never
06:42 Site101dc001.Domain.mow.com Never
06:43 Site105dc001.Domain.mow.com Never
06:45 Site144dc001.Domain.mow.com Never
06:45 Site108dc002.Domain.mow.com 2006-01-23 12:10:35
06:45 Site154dc000.Domain.mow.com Never
06:46 Site113dc001.Domain.mow.com Never
06:46 Site183dc001.Domain.mow.com Never
06:46 Site133dc001.Domain.mow.com Never

Checked 231 DC's for CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com in 06:47 Minutes

Server Last Logon : Site108dc002.Domain.mow.com at 2006-01-23 12:10:35 

(ofcourse I scrabled this a bit, any double DC's are my mistake, not Monads ;-) )

the final script looks like this :

# Check-LastLogon.MSH  
# check all Domaincontrollers for the lastlogontime of a user 
# Uses the Get-IADsLargeInteger Snapin you can find here :
# http://mow001.blogspot.com/2006/01/msh-snap-in-to-translate.html
# /\/\o\/\/ 2006  
# http://mow001.blogspot.com 

# fill in full DN of user

$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"

# Gets UTC offset to translate lastlogon time from UTC to local
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours

# Get All Domaincontrollers 

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers

# Add stopWatch for Timing

$sw = new-object System.Diagnostics.Stopwatch

# Find Lastlogon times 

[dateTime]$MaxLogon = "1-1-1980"
$dcs | foreach {

    # Connect to Domain Controller 

    $de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
    # here we do some translations to get the LargeInterger to a Local DateTime Object

    $LastLogon = "Never"
    $LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)

   # Display Time-running DC name and Time 

   $timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
   "$TimeRunning $($_.name) $LastLogon"

   # update $maxlogon if found date is later

   if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}

# Stop Timing 

$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")

# Display Summary

"`nChecked $($dcs.count) DC's for $dn in $timeRunning Minutes"
"`nServer Last Logon : $LastServer at $maxlogon" 

what did you say !!, ... 5 Lines ???

Oops, I overdid the commenting since then LOL :-)

but, remember the scripting guys example only outputs the lastlogon time in the end,
if you remove the comments, timekeeping and status output there is not much left ;-)

$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
[dateTime]$MaxLogon = "1-1-1980";$dcs | foreach {trap{continue};$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
    $LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
    if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}


gr /\/\o\/\/
Tags :

Comments: Post a Comment

<< Home


October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?