To detect the last logon date and time for Active Directory users, you can use PowerShell and the LastLogonTimestamp attribute. This attribute indicates the last time a user logged on to the domain and can be used to retrieve the last logon date and time for each user account. Here are the steps to do this:
- Open PowerShell on your domain controller or a computer with the Active Directory PowerShell module installed.
- Run the following command to import the Active Directory module:

```powershell
Import-Module ActiveDirectory
```
- Run the following command to retrieve a list of user accounts and their last logon dates and times:

```powershell
Get-ADUser -Filter {Enabled -eq $true} -Properties Name, SamAccountName, LastLogonTimestamp |
    Select-Object Name, SamAccountName, @{Name="LastLogon"; Expression={ if ($_.LastLogonTimestamp) { [DateTime]::FromFileTime($_.LastLogonTimestamp) } }}
```

The command retrieves all enabled user accounts in the domain and returns the “Name,” “SamAccountName,” and “LastLogon” columns in a table format. “LastLogon” is a calculated column: the LastLogonTimestamp value converted to a readable date and time. Accounts that have never logged on have no LastLogonTimestamp value, so their “LastLogon” column is left empty instead of showing a date in the year 1601.
- Review the list of user accounts and their last logon dates and times.
Note that the LastLogonTimestamp attribute is not updated in real time and may not reflect the most recent logon activity for a user account. In some cases, you may need to use the LastLogon attribute instead, which is updated in real time but may not be accurate across domain controllers. Also, keep in mind that the last logon date and time may not reflect a user’s current activity level, as some users may have been granted long-term access to resources and may not need to log on frequently.
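The LastLogon attribute mentioned in the note is not replicated, so each domain controller holds its own value. As an added example (not part of the original page), the following asks every domain controller for a user's lastLogon and keeps the newest value; the function name `Get-AccurateLastLogon`, the output column names and the 90-day threshold are assumptions.

```powershell
# Added example: function name, column names and threshold are illustrative assumptions.
Import-Module ActiveDirectory

function Get-AccurateLastLogon {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$SamAccountName)
    begin {
        # lastLogon is stored per domain controller, so every DC has to be asked.
        $dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    }
    process {
        $newest = 0L
        $sourceDc = $null
        $unreachable = @()
        foreach ($dc in $dcs) {
            try {
                $u = Get-ADUser -Identity $SamAccountName -Server $dc -Properties lastLogon -ErrorAction Stop
                # An empty or 0 value means no logon was recorded on this DC.
                if ($u.lastLogon -and $u.lastLogon -gt $newest) {
                    $newest = $u.lastLogon
                    $sourceDc = $dc
                }
            } catch {
                # A DC that could not be queried may hold a newer value, so report it.
                $unreachable += $dc
            }
        }
        [pscustomobject]@{
            SamAccountName = $SamAccountName
            LastLogon      = if ($newest -gt 0) { [DateTime]::FromFileTime($newest) } else { $null }
            SourceDC       = $sourceDc
            UnreachableDCs = $unreachable -join ', '
        }
    }
}

# Usage: enabled accounts with no logon recorded on any DC in the last 90 days.
# This issues one query per user per DC, so scope the filter in large domains.
$cutoff = (Get-Date).AddDays(-90)
Get-ADUser -Filter 'Enabled -eq $true' |
    ForEach-Object { $_.SamAccountName | Get-AccurateLastLogon } |
    Where-Object { -not $_.LastLogon -or $_.LastLogon -lt $cutoff } |
    Sort-Object LastLogon
```

A non-empty UnreachableDCs column means the reported LastLogon is only a lower bound for that account.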

