Last Login from all Domain Controllers

Requires Active Directory Module. Just cut and paste into PowerShell then run the command as shown in the example.

function Get-ADUserLastLogon([string]$userName) {
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs) {
        $hostname = $dc.HostName
        $user = Get-ADUser $userName -Server $hostname -Properties lastLogon 
        if($user.LastLogon -gt $time) 
            $time = $user.LastLogon
    $dt = [DateTime]::FromFileTime($time)
    "$username last logged on at: $($dt.ToString("yyyy/MM/dd HH:mm:ss"))"


    Get-ADUserLastLogon -UserName JoeBloggs

Additional configurations,
if you wish to exclude specific domain controllers due to communication limitations such as all DCs with DMZ in their name change line two to,

    $dcs = Get-ADDomainController -Filter {Name -notlike "*DMZ*"}

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s