Who’s been logging into machines in my domain? And when were the accounts created?

If you’re looking to find out who has been logging into machines in your domain, this powershell will tell you just that.  You could change out the line that finds the last logon date where it is greater than the current date minus 30 to a higher number, if you wanted to know who logged in for, say, 60 days or so.  All you would need to do is change the -30 to your desired number.

 

You may not care about who logged in and instead want to know about accounts that were created in the last 30 days.  In that case you would change this line:

$User | Where-Object {$_.LastLogonDate -gt $date.adddays(-30)} |

 

to use the “whenCreated” Property, like this

$User | Where-Object {$_.whenCreated -gt $date.adddays(-30)} |

 

Here’s the full script to find who logged in

# Import the Active Directory Module
Import-module activedirectory
#
# Create a variable for get-date (current date)
$date = get-date
#
# Create a variable called $User to get all users in Active Directory with all Properties
$User = Get-ADUser -Filter 'objectclass -eq "User"' -Properties *
#
# Display all Users within Active Directory that have been created in the last 30 days
$User | Where-Object {$_.LastLogonDate -gt $date.adddays(-30)} |
#
# Sort the out-put data by LastLogonDate
Sort-Object -Property LastLogonDate |
#
# Display the information with the below headings
Select SamAccountname,UserPrincipalName,whenCreated,LastLogonDate,Enabled |
#
Ft SamAccountname,UserPrincipalName,LastLogonDate,Enabled |
# Export the results to CSV file
Out-file c:\rs-pkgs\UsersLast30Days.csv

Here’s the full script to find which accounts were created in the last 30 days:

# Import the Active Directory Module
Import-module activedirectory
#
# Create a variable for get-date (current date)
$date = get-date
#
# Create a variable called $User to get all users in Active Directory with all Properties
$User = Get-ADUser -Filter 'objectclass -eq "User"' -Properties *
#
# Display all Users within Active Directory that have been created in the last 30 days
$User | Where-Object {$_.whenCreated -gt $date.adddays(-30)} |
#
# Sort the out-put data by LastLogonDate
Sort-Object -Property LastLogonDate |
#
# Display the information with the below headings
Select SamAccountname,whenCreated,LastLogonDate,Enabled |
#
# Export the results to CSV file
Out-file c:\rs-pkgs\UsersLast30Days.csv

I hope this helps you in your auditing of your SharePoint and your domain.  Note:  This does not tell you who logged into SharePoint; but, instead only tells you who logged into your domain and this needs to be run from a server that is either a domain controller, or has access to the Active Directory Powershell module.