List computers in AD with LastLogonTimestamp

List Workstation OS computers,

get-adcomputer -filter {OperatingSystem -notlike '*server*'} -Properties OperatingSystem,LastLogonTimestamp | Sort LastLogonTimestamp | Select Name,OperatingSystem,@{Name='LastLogonTimestamp'; Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy")}}

List Server OS computers,

get-adcomputer -filter {OperatingSystem -like '*server*'} -Properties OperatingSystem,LastLogonTimestamp | Sort LastLogonTimestamp | Select Name,OperatingSystem,@{Name='LastLogonTimestamp'; Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy")}}

All users who have logged in to AD in the past x hours

This query grabs all users whose LastLogonTimestamp is within the past 15 days, then for each of those users checks every Domain Controller for the latest logon and reports the user if they have logged in within the past 8 hours.

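$dcs = Get-ADDomainController -Filter *
# LastLogonTimestamp is replicated, so use it to pre-filter to recently active users
$FileDate = [DateTime]::Now.AddDays(-15).ToFileTime()
Get-ADUser -Filter {LastLogonTimestamp -gt $FileDate} | ForEach {
    $time = 0
    # lastLogon is stored per DC and not replicated: query each DC and keep the newest value
    foreach($dc in $dcs)
    {
        # Look the user up by SamAccountName; Name (the CN) is not a valid -Identity value
        $user = Get-ADUser $_.SamAccountName -Server $dc.HostName -Properties lastLogon
        if($user.LastLogon -gt $time)
        {
            $time = $user.LastLogon
        }
    }
    $dt = [DateTime]::FromFileTime($time)
    If ($dt -gt [DateTime]::Now.AddHours(-8)) {"$($_.Name) last logged on at: $dt"}
}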

Convert all group types in OU with Powershell

Using the following command will convert every group in that OU (and sub OUs unless you add the -SearchScope OneLevel switch) to type Distribution with Scope Global.

get-adgroup -filter * -SearchBase "OU=Groups,DC=work,DC=com" | ForEach {$x=[ADSI]"LDAP://$($_.DistinguishedName)"; $x.Put("groupType","2"); $x.setInfo()}

To change to the following group types/scopes use the following values for “groupType”,

Distribution – Universal = 8
Distribution – Domain Local = 4
Distribution – Global = 2

**STILL CANNOT GET THE FOLLOWING TO WORK**
Security – Universal = -2147483640
Security – Domain Local = -2147483644
Security – Global = -2147483646

Audit all users in Active Directory

This will output all users in the domain with their last login timestamp converted to dd/mm/yyyy format, creation date, and enabled value.

get-aduser -Filter * -Property whenCreated, LastLogonTimeStamp, AccountExpirationDate | Select Distinguishedname, whenCreated,@{Name='LastLogonTimestamp'; Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy")}}, AccountExpirationDate, Enabled | Export-CSV output.csv

Add the following switch to the get-aduser command to limit the search,

-SearchBase "OU=staff,ou=users,ou=business,dc=work,dc=com"

Add the following command to exclude any objects in the sub OU ‘Archive’,

| Where {$_.DistinguishedName -notlike '*Archive*'}

Add the following switch to get-aduser command to not search sub OUs,

-SearchScope OneLevel

Example below with all options,

get-aduser -filter * -SearchBase "OU=staff,ou=users,ou=business,dc=work,dc=com" -SearchScope OneLevel -Property whenCreated, LastLogonTimeStamp, AccountExpirationDate | Select Distinguishedname, whenCreated, @{Name='LastLogonTimestamp'; Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp).ToString("dd/MM/yyyy")}}, AccountExpirationDate, Enabled | Export-CSV output.csv
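
The audit above prints 01/01/1601 (or the previous day, depending on time zone) for accounts that have never logged on, because an empty LastLogonTimestamp converts as file time 0. The following added example, which is not part of the original page, handles that case and flags stale accounts; LastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old by default, so the threshold should stay well above that. The 90-day threshold, the helper name ConvertFrom-FileTimeOrNull and the output file name are assumptions.

```powershell
# Added example (not from the original page). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$StaleDays = 90                                  # assumption: local policy threshold
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# Hypothetical helper: convert a FILETIME value to DateTime, returning $null
# when the attribute is empty or 0 (never logged on) instead of a date in 1601.
function ConvertFrom-FileTimeOrNull($FileTime) {
    if ($FileTime -and [int64]$FileTime -gt 0) {
        return [DateTime]::FromFileTime([int64]$FileTime)
    }
    return $null
}

Get-ADUser -Filter * -Properties whenCreated, LastLogonTimestamp |
    ForEach-Object {
        $lastLogon = ConvertFrom-FileTimeOrNull $_.LastLogonTimestamp

        # Classify the account; disabled accounts are labelled but not reported
        if (-not $_.Enabled)            { $status = 'Disabled' }
        elseif (-not $lastLogon)        { $status = 'NeverLoggedOn' }
        elseif ($lastLogon -lt $Cutoff) { $status = 'Stale' }
        else                            { $status = 'Active' }

        # Same dd/MM/yyyy format as the page's queries, blank when never logged on
        $lastLogonText = ''
        if ($lastLogon) { $lastLogonText = $lastLogon.ToString('dd/MM/yyyy') }

        [PSCustomObject]@{
            DistinguishedName  = $_.DistinguishedName
            SamAccountName     = $_.SamAccountName
            Enabled            = $_.Enabled
            WhenCreated        = $_.whenCreated
            LastLogonTimestamp = $lastLogonText
            Status             = $status
        }
    } |
    Where-Object { $_.Status -in 'Stale', 'NeverLoggedOn' } |
    Sort-Object Status, SamAccountName |
    Export-Csv stale-users.csv -NoTypeInformation
```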

Last Login from all Domain Controllers

Requires Active Directory Module. Just cut and paste into PowerShell then run the command as shown in the example.

function Get-ADUserLastLogon([string]$userName) {
    $dcs = Get-ADDomainController -Filter {Name -like "*"}
    $time = 0
    foreach($dc in $dcs) {
        $hostname = $dc.HostName
        $user = Get-ADUser $userName -Server $hostname -Properties lastLogon 
        if($user.LastLogon -gt $time) 
        {
            $time = $user.LastLogon
        }
    }
    $dt = [DateTime]::FromFileTime($time)
    "$username last logged on at: $($dt.ToString("yyyy/MM/dd HH:mm:ss"))"
}

Example:

    Get-ADUserLastLogon -UserName JoeBloggs

Additional configuration,
If you wish to exclude specific domain controllers due to communication limitations, such as all DCs with DMZ in their name, change line two to,

    $dcs = Get-ADDomainController -Filter {Name -notlike "*DMZ*"}

Export list of subnets from Active Directory Sites and Services

Save the following code,

$Sites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites
foreach ($Site in $Sites) {
   foreach ($subnet in $site.Subnets) {
      $subnet | Select Name,Site
   }
}

to ‘ExportSites.ps1’ and run the command,

.\ExportSites.ps1 | Export-CSV sites.txt