Question : ADFIND, DSQUERY or LDAP Querie for Pulling LastLogOn

Hello Experts!

This is probably a pretty easy request as all I need to do is pull the following attributes for users/computer objects in AD:

1.) DN Path
2.) UserPrincipleName
3.) DisplayName
4.) LastLogonTimeStamp
5.) WhenCreated

What I have presently is great, however my problem is this when I open the .CSV because some of my OU's are thrown out of wack because there several OU layers deep, some of them 4 to 6 layers deep. So when I look at my CSV file looking at the top level OU I'll see a few display names in the same column makes for sorting sort of difficult because there are over 70,000 rows of data.

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)" samaccountname userprincipalname displayname lastlogontimestamp whencreated -csv -tdca > c:\xxxx\xxxxx\LastLogonReport.csv

In a perfect world, what I'd like to do is pull the above info in nice neat columns (so i can atleast sort them) and be able to specify how long it has been since that user has logged in. i.e. 30-60 days, 61-120 days ect, ect...didn't know if this was possible or not and then of course have the results piped out to a .CSV file. Don't know what query language would be best i.e. ADFIND, DSQUERY or LDAP for this?

Answer : ADFIND, DSQUERY or LDAP Querie for Pulling LastLogOn

Okay so...

The simple form of the query below is this:

Get-QADUser -Enabled -IncludedProperties LastLogonTimeStamp -SizeLimit 0 |
Select-Object DN, UserPrincipalName, DisplayName, LastLogonTimeStamp, WhenCreated |
Export-CSV SomeFile.csv

The code below extends this command, adding a column denoting a period when the account last logged on.

Everything neatly in columns, and, hopefully, you get the perfect world too ;)

Chirs

                       
         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:

           
           
             # Requires Quest CmdLets: http://www.quest.com/powershell/activeroles-server.aspx

# The interval between dates. Will produce these in the final column: 0 to 30; 30 to 60, etc.
$DateRange = 30

# Use Quest CmdLets to get the users
Get-QADUser -Enabled -IncludedProperties lastLogonTimeStamp -SizeLimit 0 | %{
  # Hold onto this for convenience
  $LastLogon = $_.LastLogonTimeStamp

  # Reset the IntervalString and Multiplier values
  # Starts by looking for dates less than 30 days old, incremented by 30 on each pass of the loop
  $IntervalString = ""; $Multiplier = 1

  If ($LastLogon -ne $Null) {
    Do {
      # See if the logon date is after the specified date
      If ($LastLogon -gt (Get-Date).AddDays(-($DateRange * $Multiplier))) {

        # Record this value as "0 to 30", or "30 to 60", etc
        $IntervalString = "$($DateRange * ($Multiplier - 1)) to $($DateRange * $Multiplier)"
      }

      # Increment the multiplier
      $Multiplier++

    # Until it has a value
    } While ($IntervalString -eq "")
  } Else {
    $IntervalString = "N/A"
  }

  # Generate the output
  $_ | Select-Object DN, UserPrincipalName, DisplayName, LastLogonTimeStamp, WhenCreated, `
    @{n='Range';e={ $IntervalString }}
# Export it all to a CSV
} | Export-CSV "SomeFile.csv" -NoTypeInformation

           
         