PowerShell one liner to export last logon time to csv in a readable format

For those of us in Corporate America, audits are not fun, but they are the price of doing business. It’s not that there is any concern about the information found; rather it’s more about the time it takes to gather the requested information. My auditors usually ask for “lastlogon” of all my Active Directory accounts among other attributes. This is of course one of those fun Microsoft attributes that is calculated in the number of 100-nanosecond intervals since January 1, 1601. Providing that raw data usually doesn’t go over well, so it’s easier to provide a converted number.

PowerShell does not do this automatically and neither does CSVDE. You can resort to DSquery for it, but the formatting is atrocious, and if there are follow-up questions, which there always are, breaking through that formatting becomes your problem. Being a PowerShell guy, I wanted a way to do this there. It’s a simple expression, but something I didn’t find baked into a one-liner in my Google searches. I’d rather have it in a one-liner than have to do a ForEach, which would take far longer. This is the expression that I came up with:

LastLogon Expression
@{Name="LastLogon";Expression={[DateTime]::FromFileTime($_.lastlogon)}}

In the context of an export, it would look like this:

One-liner Export Code
get-aduser -Filter * -Properties Enabled, SamAccountName, Name, Surname, GivenName, Title, EmployeeID, createTimeStamp, Lastlogon, AccountExpires | select enabled, SamAccountName, Name, Surname, GivenName, Title, EmployeeID, createtimestamp, @{Name="LastLogon";Expression={[DateTime]::FromFileTime($_.lastlogon)}}, accountexpires | export-csv AllADUserDetails.csv
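
The export above writes accountexpires as a raw number, and FromFileTime turns a lastlogon of 0 (never logged on) into a date around January 1, 1601. As an added example (not from the original post), here is a converter that handles those sentinel values; the function name Convert-AdFileTime and the sample accounts are constructed for illustration:

```powershell
# Added example: FILETIME conversion that handles the AD sentinel values.
# Convert-AdFileTime is a hypothetical helper name, not a built-in cmdlet.
function Convert-AdFileTime {
    param(
        $Value,                          # raw lastLogon / accountExpires value
        [string]$SentinelText = 'Never'  # text to emit instead of a bogus date
    )

    # $null and empty values cast to 0, which is handled as "not set" below.
    $ticks = [Int64]$Value

    # 0 means the attribute was never set. Int64.MaxValue is what AD stores
    # in accountExpires for "never expires"; FromFileTime throws on it.
    if ($ticks -le 0 -or $ticks -eq [Int64]::MaxValue) {
        return $SentinelText
    }

    # Local time, like the FromFileTime call in the one-liner, but in a
    # fixed format that sorts correctly in a spreadsheet.
    return [DateTime]::FromFileTime($ticks).ToString('yyyy-MM-dd HH:mm:ss')
}

# Constructed sample objects standing in for Get-ADUser output.
$sample = @(
    [PSCustomObject]@{ SamAccountName = 'jdoe';    lastLogon = 131000000000000000; accountExpires = 9223372036854775807 }
    [PSCustomObject]@{ SamAccountName = 'svc-new'; lastLogon = 0;                  accountExpires = 0 }
    [PSCustomObject]@{ SamAccountName = 'temp01';  lastLogon = 131500000000000000; accountExpires = 131600000000000000 }
)

# Same calculated-property pattern as the one-liner, applied to both attributes.
$sample |
    Select-Object SamAccountName,
        @{Name = 'LastLogon';      Expression = { Convert-AdFileTime $_.lastLogon -SentinelText 'Never logged on' }},
        @{Name = 'AccountExpires'; Expression = { Convert-AdFileTime $_.accountExpires -SentinelText 'Never expires' }} |
    ConvertTo-Csv -NoTypeInformation
```

To use it against the directory, replace $sample with the Get-ADUser call from the one-liner above and ConvertTo-Csv with Export-Csv. lastLogon is not replicated between domain controllers, so the value reflects only the DC that answered the query.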

Of course, I’m sometimes asked to double-check certain users and user accounts. These are usually of terminated employees, and the accounts have been deleted. In this case, I’ll copy the list of requested accounts into a text file and use a get-content to run through a ForEach. Knowing these will result in errors, I try to do a bit of error checking.

Audit Follow-up For Specific Users
$report = @()
# One account name per line
$users = get-content "c:\scripts\audit\usernames.txt"
ForEach ($user in $users)
{
    # Reset per iteration so a failed lookup leaves $details empty
    $details = $null
    $reportObj = New-Object PSObject
    $reportObj | Add-Member NoteProperty -Name "Username" -Value $user
    # get-aduser raises an error for a deleted account; $details stays $null
    $details = (get-aduser $user | get-adobject -properties lastlogon)
    If (!$details)
    {
        $reportObj | Add-Member NoteProperty -Name "Name" -Value "Object Not in AD"
        $reportObj | Add-Member NoteProperty -Name "LastLogon" -Value "N/A"
    }
    Else
    {
        # Convert the raw 100-nanosecond interval count to a DateTime
        $readabletime = [DateTime]::FromFileTime($details.lastlogon)
        $reportObj | Add-Member NoteProperty -Name "Name" -Value $($details.name)
        $reportObj | Add-Member NoteProperty -Name "LastLogon" -Value $readabletime
    }
    $report += $reportObj
}
$report | export-csv audit.csv

These aren’t complicated, but they are useful. I haven’t prettied them up for public consumption, but I’m sure you get the idea if you’ve made it this far.

 

 

tales01
