Last Login from all Domain Controllers

Requires Active Directory Module. Just cut and paste into PowerShell then run the command as shown in the example.

function Get-ADUserLastLogon([string]$userName) {
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs) {
        $hostname = $dc.HostName
        $user = Get-ADUser $userName -Server $hostname -Properties lastLogon 
        if($user.LastLogon -gt $time) 
        {
            $time = $user.LastLogon
        }
    }
    $dt = [DateTime]::FromFileTime($time)
    "$username last logged on at: $($dt.ToString("yyyy/MM/dd HH:mm:ss"))"
}

Example:

    Get-ADUserLastLogon -UserName JoeBloggs

Additional configurations,
if you wish to exclude specific domain controllers due to communication limitations such as all DCs with DMZ in their name change line two to,

    $dcs = Get-ADDomainController -Filter {Name -notlike "*DMZ*"}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s