For those of us in Corporate America, audits are not fun, but they are the price of doing business. It’s not that there is any concern about the information found; rather it’s more about the time it takes to gather the requested information. My auditors usually ask for “lastlogon” of all my Active Directory accounts among other attributes. This is of course one of those fun Microsoft attributes that is calculated in the number of 100-nanosecond intervals since January 1, 1601. Providing that raw data usually doesn’t go over well, so it’s easier to provide a converted number.
PowerShell does not do this automatically and niether does CSVDE. You can resort to DSquery for it, but the formatting is atrocious, and if there are follow up questions, which there always are, breaking through that formatting becomes your problem. Being a PowerShell guy, I wanted a way to do this there. It’s a simple expression, but something I didn’t find baked into a one-liner in my Google searches. I’d rather it in a one-liner rather than having to do a ForEach, which would take far longer. This is the expression that I came up with:
|
LastLogon Expression
|
|---|
|
@{Name=”LastLogon”;Expression={[DateTime]::FromFileTime($_.lastlogon)}}
|
In the context of an export, it would look like this:
|
One-liner Export Code
|
|---|
|
get-aduser -Filter * -Properties Enabled, SamAccountName, Name, Surname, GivenName, Title, EmployeeID, createTimeStamp, Lastlogon, AccountExpires | select enabled, SamAccountName, Name, Surname, GivenName, Title, EmployeeID, createtimestamp, @{Name=”LastLogon”;Expression={[DateTime]::FromFileTime($_.lastlogon)}}, accountexpires | export-csv AllADUserDetails.csv
|
Of course, I’m sometimes ask to double check certain users and user accounts. These are usually of terminated employees, and the accounts have been deleted. In this case, I’ll copy the list of requested accounts in a text file and use a get-content to run through a ForEach. Knowing these will result in errors, I try to do a bit of error checking.
|
Audit Follow-up For Specific Users
|
|---|
|
$report = @()
$users = get-content “c:\scripts\audit\usernames.txt” ForEach ($user in $users) { $details = $null $reportObj = New-Object PSObject $reportObj | Add-Member NoteProperty -Name “Username” -Value $user $details = (get-aduser $user | get-adobject -properties lastlogon) If (!$details) { $reportObj | Add-Member NoteProperty -Name “Name” -Value “Object Not in AD” $reportObj | Add-Member NoteProperty -Name “LastLogon” -Value “N/A” } Else { $readabletime = [DateTime]::FromFileTime($details.lastlogon) $reportObj | Add-Member NoteProperty -Name “Name” -Value $($details.name) $reportObj | Add-Member NoteProperty -Name “LastLogon” -Value $readabletime } $report += $reportObj }$report | export-csv audit.csv |
These aren’t complicated, but they are useful. I haven’t prettied them up for public consumption, but I’m sure you get the idea if you’ve made it this far.
Tales from the Shell Script 
I’m so excited as finally I found what I was looking for, i.e. to find user/s details in one line.
Thank you so very much
LikeLike