Who’s been logging into machines in my domain? And when were the accounts created?

If you’re looking to find out who has been logging into machines in your domain, this powershell will tell you just that.  You could change out the line that finds the last logon date where it is greater than the current date minus 30 to a higher number, if you wanted to know who logged in for, say, 60 days or so.  All you would need to do is change the -30 to your desired number.

 

You may not care about who logged in and instead want to know about accounts that were created in the last 30 days.  In that case you would change this line:

$User | Where-Object {$_.LastLogonDate -gt $date.adddays(-30)} |

 

to use the “whenCreated” Property, like this

$User | Where-Object {$_.whenCreated -gt $date.adddays(-30)} |

 

Here’s the full script to find who logged in

Here’s the full script to find which accounts were created in the last 30 days:

I hope this helps you in your auditing of your SharePoint and your domain.  Note:  This does not tell you who logged into SharePoint; but, instead only tells you who logged into your domain and this needs to be run from a server that is either a domain controller, or has access to the Active Directory Powershell module.

Leave a Reply