连国 于 530 Reputation points




Active Directory
Windows Server PowerShell

1 answer

  1. Rich Matheisen 45,671 Reputation points

    First, understand that there are two AD properties that hold a "logon date". One is accurate, the other may be several days behind because it's replicated infrequently.

    Second, I think you're attempting to find privileged users (i.e., users that are members of privileged groups). Those users would have a property named "adminCount" with a non-zero value. You should be able to get that list using Get-ADUser with an LDAPFilter parameter:

    Get-ADUser -LDAPFilter "(&(objectClass=user)(objectCategory=Person)(adminCount=1))"

    Keep in mind that you may encounter users that are NO LONGER members of a privileged group that still have an adminCount property value set to 1. I don't know if MS ever fixed that problem in the AD, but it was common years ago. You can safely set adminCount to zero if the user is truly no longer a member of any privileged group.

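The check described in the answer above, as an added example that is not part of the original answer: it lists every user with adminCount=1, flags the ones that no longer sit in any protected group, and shows both logon values side by side. Assumptions: the two logon attributes are `lastLogon` (per-DC, not replicated) and `lastLogonTimestamp` (replicated, surfaced by Get-ADUser as `LastLogonDate`), groups that carry adminCount=1 are taken as the protected groups, and the helper name `ConvertTo-LdapFilterValue` is hypothetical.

```powershell
# Added example, not from the original answer. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical helper: escape a DN for use as a value inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

# Assumption: groups carrying adminCount=1 are treated as the protected groups.
# A group can hold a stale adminCount too, so review this list before trusting it.
$protectedGroups = Get-ADGroup -LDAPFilter '(adminCount=1)'
$protectedRids   = $protectedGroups | ForEach-Object { [int]($_.SID.Value.Split('-')[-1]) }

# DNs of users that are still direct or nested members of a protected group
# (1.2.840.113556.1.4.1941 is the LDAP_MATCHING_RULE_IN_CHAIN matching rule).
$stillMember = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($group in $protectedGroups) {
    $dn = ConvertTo-LdapFilterValue $group.DistinguishedName
    $f  = "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$dn))"
    Get-ADUser -LDAPFilter $f | ForEach-Object { [void]$stillMember.Add($_.DistinguishedName) }
}

$dcs    = (Get-ADDomainController -Filter *).HostName
$filter = '(&(objectCategory=person)(objectClass=user)(adminCount=1))'

Get-ADUser -LDAPFilter $filter -Properties primaryGroupID, LastLogonDate | ForEach-Object {
    $user = $_
    # lastLogon is not replicated: ask every DC and keep the newest value.
    $newest = 0
    foreach ($dc in $dcs) {
        $v = (Get-ADUser $user.DistinguishedName -Server $dc -Properties lastLogon).lastLogon
        if ($v -gt $newest) { $newest = $v }
    }
    [pscustomobject]@{
        SamAccountName      = $user.SamAccountName
        Enabled             = $user.Enabled
        # memberOf does not cover the primary group, so its RID is checked separately.
        StillPrivileged     = $stillMember.Contains($user.DistinguishedName) -or
                              ($protectedRids -contains $user.primaryGroupID)
        LastLogonReplicated = $user.LastLogonDate   # from lastLogonTimestamp, can lag
        LastLogonNewest     = if ($newest) { [datetime]::FromFileTime($newest) } else { $null }
    }
} | Sort-Object StillPrivileged, SamAccountName | Format-Table -AutoSize
```

Rows with StillPrivileged = False are the candidates for the stale adminCount the answer describes. The krbtgt account is protected in its own right rather than through group membership, so it shows False here and should be left alone.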