Share via

Getting list of users who logged in within 5 days..

Rohit Boddu 471 Reputation points
2020-11-11T10:23:45.57+00:00

Hi,

I want to get the list of users who has logged in into server within last 5 days..

i asked one of my users to log in and log out from system .. and i ran the script .. i thought i will get his entry of user logon in list .. but in results it is not appearing ..

i will share script below ..

When we run "Get-AdUser" command will its scope is related to current machine in which the command being run or is it applicable to entire active directory ..

/*

$value = get-aduser -filter * -properties * | Where-object {$.lastlogondate -ge (get-date).adddays(-5)}
$ulist1= $value1 | Select-object Name, LastLogonDate, SamAccountName

*/

I mean i want to get users who are logged in specific server (in my case i want to get the user list of only my terminal server) and not across all servers ..

Please help me in this to solve this problem ..

Regards,
Rohit..

Windows for business Windows Server User experience PowerShell
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SChalakov 10,576 Reputation points MVP Volunteer Moderator
    2020-11-11T11:25:15.457+00:00

    Hi Rohit,

    getting the user logon history is not that trivial as it might sound. It requires the presence of certain Events in regards to the particular server, events which are logged when you turn on Auditing and which have to be analyzed in order to get proper results.
    Here are some cool references, which depict each step in details:

    Finding User Login History and Last Logon by User Logon Event ID
    https://adamtheautomator.com/powershell-user-logon-event-id-history/

    Active Directory: How to Get User Login History using PowerShell
    https://social.technet.microsoft.com/wiki/contents/articles/51413.active-directory-how-to-get-user-login-history-using-powershell.aspx

    I am npot quite sure how exactly you get the logon history, but you certainly need audit events for that. So in your case if you don't have such, this might be the cause.

    Hope I was able to help. Regards,

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)
    Regards,
    Stoyan

  2. Anonymous
    2020-11-12T08:30:43.643+00:00

    Hi,

    The LastLogonDate (actually LastLogonTimeStamp) is not updated every time a user logs on to the domain. The attribute is updated only when the difference between current logon time and previous LastLogonTimeStamp value is greater than an interval which is random between 9-14 days by default. In your case you may change the interval (msDS-LogonTimeSyncInterval) to 5 in ADSI Edit.

    https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx
    https://learn.microsoft.com/en-us/archive/blogs/askds/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Chris 656 Reputation points
    2021-01-07T17:50:11.753+00:00

    I think it is better you make a simple GPO Logonscript and write the Logoninformation into a text file and analyse this with Excel or other tools.

    We do this since many year and save time and problems with all other solutions.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.