"Lastlogon" or "Lastlogontimestamp"
-
The other day I had a little chat with my management about migrating some Active Directory users from an old domain to our new domain.
-
Before talking about policy differences between the old and the new domain, we learned that there are many dummy accounts in the old domain, so before the migration we wanted to identify the active users, meaning those who log in at least once in the month.
-
I already knew about the “lastlogon” and “lastlogontimestamp” attributes, but I was confused about which one I should retrieve…
-
After some research, I found that both can be used, but the most accurate one is “lastlogon”. The problem is that this attribute is not replicated to other domain controllers. For example, let’s say I have one PC, one user and 3 domain controllers (DC1, DC2 and DC3). The PC sends an authentication request to DC1, and the “lastlogon” attribute for usr1 takes the current date and time once the authentication is established and completed. The main problem here is that you won’t find that “lastlogon” value on the other DCs. The next day, usr1 logs in again, but this time the request goes to DC2. The same thing happens: the current date and time are recorded on DC2, but not on DC1 or DC3…
-
Because I love scripting, I decided to write a scratch script in PowerShell to work around this problem.
-
When it comes to AD and PowerShell, there are two common ways to access or manage Active Directory: the Microsoft AD module for PowerShell, or the Quest snap-in. Check out these links for more information about them:
# Using both the MS AD module and Quest ActiveRoles
# Remember to change the values of -SearchRoot, -SearchBase, -Service and -UserName to the correct values for your domain
Add-PSSnapin quest*
Import-Module Active*
# Use your domain user name and password
$c = Get-Credential -UserName "domain\loginid" -Message "__"
# Path of the text file that lists the users (one sAMAccountName per line)
$re = Get-Content -Path "C:\Users\faarooq\Desktop\HSA.txt"
Connect-QADService -Service "ngha.med" -Credential $c
foreach ($dd in $re)
{
    # Using Quest ActiveRoles: list every domain controller
    $dcnames = (Get-QADComputer -SearchRoot "OU=Domain Controllers,DC=SubDomain,DC=Domain" -LdapFilter "(name=*)" -IncludedProperties dNSHostName).dNSHostName
    # If you want to use the MS AD module
    #(Get-ADComputer -SearchBase "OU=Domain Controllers,DC=KAMC-JD,DC=ngha,DC=med" -LDAPFilter "(!name=RIYSVCDC-206)" -Properties name).Name
    #(Get-QADComputer -SearchRoot "OU=Domain Controllers,DC=KAMC-RD,DC=ngha,DC=med" | where {$_.Name -ne "RIYSVCDC-206"}).Name

    # Create the lists once per user, before the DC loop, so the value from every DC is kept
    $arr = [System.Collections.ArrayList]@()    # "lastlogon" values, one per DC
    $arr2 = [System.Collections.ArrayList]@()   # "proxyaddresses" values
    $SMTPVal = $null
    foreach ($d in $dcnames) {
        # Looping using the MS AD module: ask this DC for its own "lastlogon" value
        $lastslogonval = (Get-ADUser -SearchBase "DC=SubDomain,DC=Domain" -LDAPFilter "(samaccountname=$dd)" -SearchScope Subtree -Properties lastlogon -Server $d).lastlogon
        # Using Quest ActiveRoles
        #(Get-QADUser -Identity $dd -Service "$d.SubDomain.Domain" -SearchRoot "DC=SubDomain,DC=Domain" -Credential $c -IncludedProperties lastlogon).lastlogon
        # Using the MS AD module
        $SMTPVal = (Get-ADUser -SearchBase "DC=SubDomain,DC=Domain" -LDAPFilter "(samaccountname=$dd)" -Properties ProxyAddresses -Server $d).ProxyAddresses | Select-String -Pattern "SMTP*"
        # Using Quest ActiveRoles
        #(Get-QADUser -Identity $dd -Service "$d.SubDomain.Domain" -SearchRoot "DC=SubDomain,DC=Domain" -Credential $c -IncludedProperties ProxyAddresses).ProxyAddresses | Select-String -Pattern "SMTP*"
        #Write-Host "lastlogon on $d is : $lastslogonval"
        if ($lastslogonval) {
            # Keep the "lastlogon" value reported by this DC
            $arr.Add($lastslogonval) | Out-Null
        }
    }
    if ($SMTPVal) {
        # Keep the "proxyaddresses" values for this user
        $arr2.Add($SMTPVal) | Out-Null
    }
    $max = ($arr | Measure-Object -Maximum).Maximum   # Latest lastlogon value across all DCs
    # FromFileTime on an empty value would print a date in 1601, so handle that case
    $last = if ($max) { [datetime]::FromFileTime($max) } else { "no lastlogon value found" }
    $wr = $dd + ">>" + $last + ">>" + $arr2
    Write-Host $wr                                     # Writing to the screen
    $wr | Out-File -Append -FilePath y:\KAMC-HS.txt    # Writing the result to a text file
    $arr.Clear()
    $arr2.Clear()
}
Disconnect-QADService
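
The goal stated earlier was to find the users who log in at least once in the month. As an added example (not part of the original post or its script), the function below takes "lastlogon" values already collected from each DC, keeps the newest one per user and flags accounts older than a cutoff. The function names, the row shape and the sample rows are constructed for illustration.

```powershell
# Added example, not the author's script. Get-LatestLogon, New-Row, the row shape
# (User, DC, LastLogon) and the sample rows are assumptions for illustration.
function Get-LatestLogon {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,  # one row per (user, DC) query
        [int] $ActiveDays = 30,                   # "at least once in the month"
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$ActiveDays)
    $Rows | Group-Object -Property User | ForEach-Object {
        # lastlogon is 0 or empty on a DC that never authenticated the user
        $seen = @($_.Group | Where-Object { $_.LastLogon -gt 0 } |
                Sort-Object -Property LastLogon -Descending)
        if ($seen.Count -eq 0) {
            [pscustomobject]@{ User = $_.Name; LastLogon = $null
                               SeenOn = $null; Active = $false }
        } else {
            # lastlogon is a FILETIME (100 ns ticks since 1601-01-01 UTC)
            $when = [datetime]::FromFileTime($seen[0].LastLogon)
            [pscustomobject]@{ User = $_.Name; LastLogon = $when
                               SeenOn = $seen[0].DC; Active = ($when -ge $cutoff) }
        }
    }
}

# Helper that builds one constructed sample row; $null date means "no value on this DC"
function New-Row($u, $dc, $date) {
    $ft = if ($date) { $date.ToFileTime() } else { 0 }
    [pscustomobject]@{ User = $u; DC = $dc; LastLogon = $ft }
}

# Constructed sample: usr1 looks stale on DC1 alone but logged on through DC2 recently
$now  = [datetime]'2024-06-30'
$rows = @(
    New-Row 'usr1'   'DC1' ([datetime]'2024-03-01')
    New-Row 'usr1'   'DC2' ([datetime]'2024-06-20')
    New-Row 'usr1'   'DC3' $null
    New-Row 'usr2'   'DC1' $null
    New-Row 'usr2'   'DC3' ([datetime]'2024-04-02')
    New-Row 'dummy1' 'DC1' $null
    New-Row 'dummy1' 'DC2' $null
)
Get-LatestLogon -Rows $rows -Now $now | Format-Table -AutoSize
```

Accounts with no value on any DC come back with an empty LastLogon instead of a date in 1601, which keeps them easy to separate from accounts that are merely stale.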
-
Go to this link and you will get a good idea about this, and you will understand why I chose “lastlogon” instead of “lastlogontimestamp”:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/1ae08081-dcfe-44cd-bc3b-f5ac26d53f76/difference-between-lastlogon-and-lastlogontimestamp?forum=winserverDS
-
You will notice that I included two lines for each step that gathers information from AD, one for each module; the rest is just normal PowerShell scripting…
-
Sadly, I gotta go now. Happy scripting, Hasta luego todos…. Remember to read the comments carefully...
-