Last Logon Time / Authentication of an AD or Service User Account – #Powershell
Sometimes it is helpful to know when an AD user or an AD service account was last authenticated. After some failed attempts with “LastLogonDate” I found the correct value in the “LastLogon” property. This value is not replicated between the domain controllers, so every domain controller has to be queried and the highest value taken. In addition, it is not a readable date: it is stored in ticks (100-nanosecond intervals counted from January 1, 1601 UTC), which is why the script adds 1600 years after casting the number to a DateTime.
The following script determines the latest authentication of an account across all domain controllers in a domain (one-liner):
( [DateTime][long] ($( ForEach ( $dc in (( get-addomaincontroller -filter *).name)){( Get-ADUser -Identity "<userlogonname>" -Properties "LastLogon" -server $dc ).LastLogon}) | Measure -Maximum ).Maximum).AddYears(1600)
Or somewhat clearer:
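# Read LastLogon from every domain controller, keep the highest value,
# then convert it from ticks since 1601 to a DateTime (the result is in UTC).
( [DateTime][long] (
    $( ForEach ( $dc in (( Get-ADDomainController -Filter *).Name)) {
        ( Get-ADUser -Identity "<userlogonname>" -Properties "LastLogon" -Server $dc ).LastLogon
    } ) | Measure -Maximum
  ).Maximum
).AddYears(1600)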
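A more defensive version of the same query, as an added example that is not part of the original post: it converts the value with [DateTime]::FromFileTimeUtc, records domain controllers that could not be queried (one of them might hold the newest value), and reports which DC saw the latest logon. The function name Get-LatestLogon and the output property names are made up for this example; it assumes the ActiveDirectory module and a reachable domain.

```powershell
# Added example, not the original author's code.
# Get-LatestLogon and its output property names are hypothetical.
# Requires the ActiveDirectory module (RSAT) and connectivity to the domain.
function Get-LatestLogon {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Identity
    )

    # One result object per domain controller, including the ones that fail.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $user = Get-ADUser -Identity $Identity -Properties LastLogon `
                               -Server $dc.HostName -ErrorAction Stop
            $raw = [long]$user.LastLogon   # null becomes 0
            [pscustomobject]@{
                DomainController = $dc.HostName
                Raw              = $raw
                # 0 means this DC has never authenticated the account.
                LastLogonUtc     = if ($raw -gt 0) { [DateTime]::FromFileTimeUtc($raw) } else { $null }
                Error            = $null
            }
        }
        catch {
            # Keep the failure visible instead of silently skipping the DC.
            [pscustomobject]@{
                DomainController = $dc.HostName
                Raw              = 0
                LastLogonUtc     = $null
                Error            = $_.Exception.Message
            }
        }
    }

    # Newest value over all DCs that returned a real timestamp.
    $latest = $perDc | Where-Object { $_.Raw -gt 0 } |
              Sort-Object Raw -Descending | Select-Object -First 1

    [pscustomobject]@{
        Identity     = $Identity
        LastLogonUtc = $latest.LastLogonUtc          # $null if never logged on
        SeenOn       = $latest.DomainController
        DCsQueried   = @($perDc).Count
        DCsFailed    = @($perDc | Where-Object Error).DomainController
    }
}

Get-LatestLogon -Identity '<userlogonname>'
```

If DCsFailed is not empty, treat LastLogonUtc as a lower bound rather than the definitive last authentication time.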