This blog has moved to http://ThePowerShellGuy.com
Greetings /\/\o\/\/
This script will check all Domaincontrollers for the lastlogontime of a user.
I started this script a while ago (see
Monad(MSH) Beta 3 is getting closer ), after this (
How can I determine the last time a user logged on to Active Directory? ) scripting guys article.
I wanted to do this in 4 lines from MSH, but I had some problems getting the IADsLargeInteger value (the LastLogon property is stored like one), but as I have written a Snap-in for this, (See
MSH snap-in to Translate IADsLargeInteger to Int64 ), I could now finish it.
This script is not 4 lines, first for readability, and I decided to do some timing in the script also.
the script will list the last logontime from every domaincontroller and keeps a counter running that keeps the time, as I was running this on a worldwide 200 + DC's Domain, I was interested in timing this.
the Output looks like this :
00:00 Site172DC002.Domain.mow.com Never
00:00 Site173dc002.Domain.mow.com Never
00:00 Site172dc001.Domain.mow.com Never
00:03 Site101dc000.Domain.mow.com Never
...
...
06:25 Site101dc002.Domain.mow.com 2005-12-27 13:40:45
06:25 Site101dc001.Domain.mow.com 2005-12-27 13:41:25
06:25 Site102dc000.Domain.mow.com Never
06:25 Site105dc002.Domain.mow.com Never
06:27 Site107dc001.Domain.mow.com Never
06:30 Site123dc000.Domain.mow.com Never
06:35 Site143dc001.Domain.mow.com Never
06:39 Site153dc001.Domain.mow.com Never
06:41 Site163dc001.Domain.mow.com Never
06:42 Site101dc001.Domain.mow.com Never
06:43 Site105dc001.Domain.mow.com Never
06:45 Site144dc001.Domain.mow.com Never
06:45 Site108dc002.Domain.mow.com 2006-01-23 12:10:35
06:45 Site154dc000.Domain.mow.com Never
06:46 Site113dc001.Domain.mow.com Never
06:46 Site183dc001.Domain.mow.com Never
06:46 Site133dc001.Domain.mow.com Never
Checked 231 DC's for CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com in 06:47 Minutes
Server Last Logon : Site108dc002.Domain.mow.com at 2006-01-23 12:10:35
(ofcourse I scrabled this a bit, any double DC's are my mistake, not Monads ;-) )the final script looks like this :
# Check-LastLogon.MSH
# check all Domaincontrollers for the lastlogontime of a user
#
# Uses the Get-IADsLargeInteger Snapin you can find here :
# http://mow001.blogspot.com/2006/01/msh-snap-in-to-translate.html
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
# fill in full DN of user
$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
# Gets UTC offset to translate lastlogon time from UTC to local
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
# Get All Domaincontrollers
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
# Add stopWatch for Timing
$sw = new-object System.Diagnostics.Stopwatch
$sw.start()
# Find Lastlogon times
[dateTime]$MaxLogon = "1-1-1980"
$dcs | foreach {
trap{continue}
# Connect to Domain Controller
$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
# here we do some translations to get the LargeInterger to a Local DateTime Object
$LastLogon = "Never"
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
# Display Time-running DC name and Time
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
"$TimeRunning $($_.name) $LastLogon"
# update $maxlogon if found date is later
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
# Stop Timing
$sw.stop()
$timeRunning = [datetime]::parse($sw.Elapsed).tostring("mm:ss")
# Display Summary
"`nChecked $($dcs.count) DC's for $dn in $timeRunning Minutes"
"`nServer Last Logon : $LastServer at $maxlogon"
what did you say !!, ... 5 Lines ???Oops, I overdid the commenting since then LOL :-)
but, remember the scripting guys example only outputs the lastlogon time in the end,
if you remove the comments, timekeeping and status output there is not much left ;-)
$DN = "CN=Mow08946,OU=Users,OU=MowOU,DC=Domain,DC=Mow,DC=com"
$UtcOffset = [timezone]::CurrentTimeZone.GetUtcOffset($(get-date)).hours
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::getcurrentdomain()
$dcs = $dom.DomainControllers
[dateTime]$MaxLogon = "1-1-1980";$dcs | foreach {trap{continue};$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://$($_.name)/$DN")
$LastLogon = ([datetime]::FromFileTime((Get-IADsLargeInteger $de.get_Properties()["LastLogon"].Value))).AddHours($UtcOffset)
if ($maxlogon -lt $LastLogon) {$maxlogon = $LastLogon;$LastServer = $_.name}
}
$maxlogon
enjoy,
gr /\/\o\/\/
Tags : Monad msh