Wednesday, 27 November 2013

Get the AD and User accounts list based on last Logon Date through PowerShell

To Get the Services Accounts

Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName

To get the user account krbtgt Properties.

Get-ADUser krbtgt -Properties Name | FT Name, createTimeStamp, LastLogonDate, whenCreated, DistinguishedName

To Search the complete Organization Unit Finance for user details.

Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"

To get the user account Madhu Properties with formating Table option.

Get-ADUser Madhu -Properties Name | FT Name, LastLogonDate, DistinguishedName, Enabled -AutoSize | Out-String -Width 400

To get the list of User account who are reporting since last 90 Days through last logon date and importing the results a file ADUSR.txt

$d = [DateTime]::Today.AddDays(-90); Get-ADUser -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name,createTimeStamp, LastLogonDate, whenCreated, DistinguishedName | Format-Table -AutoSize | Out-String -Width 400 > C:\reports\ADUSR.txt

Below list is PowerShell commands.

Here is the command to get AD computer accounts which are reporting to AD less than 90 days based on last logon date.

$d = [DateTime]::Today.AddDays(-2000); Get-ADComputer -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name, Enabled, LastLogonDate

Here is the commands list the get AD computer accounts which are set their password less than 90 days

$d = [DateTime]::Today.AddDays(-90); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet

Execute the below command to retrieve the Last Logon time stamp for computer account by executing the below command

Get-ADComputer -Filter 'Enabled -eq "False"' -Properties LastLogonDate |FT Name,LastLogonDate

1 comment:

  1. Excellent, thanks for sharing the script, but I tried the automate tool from http://www.lepide.com/active-directory-cleaner/ that assist to get the active directory user accounts list which are based on last log on details of account and manage inactive user accounts and move them to another OU.

    ReplyDelete