#PSTip Get last login date for local account

Using the ADSI type accelerator in combination with WinNT provider we can retrieve the last logon time for a local account from the local SAM account database:

([ADSI]"WinNT://computer/jaapbrasser").lastlogin

I created a function for this specific purpose to simply get this information from local or remote systems; the function is available in the Microsoft TechNet Script Gallery: Get-LocalLastLogonTime


function Get-LocalLastLogonTime {
    param(
    [Parameter(
            Mandatory,
            ValueFromPipeline,
            ValueFromPipelineByPropertyName,
            Position=0
    )]
    [string[]]
        $ComputerName,
    [Parameter(
            Mandatory
    )]
    [string[]]
        $UserName
    )

    begin {
        $SelectSplat = @{
            Property = @('ComputerName','UserName','LastLogin','Error')
        }
    }

    process {
        foreach ($Computer in $ComputerName) {
            if (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
                foreach ($User in $UserName) {
                    $ObjectSplat = @{
                        ComputerName = $Computer
                        UserName = $User
                        Error = $null
                        LastLogin = $null
                    }
                    $CurrentUser = $null
                    $CurrentUser = try {([ADSI]"WinNT://$computer/$user")} catch {}
                    if ($CurrentUser.Properties.LastLogin) {
                        $ObjectSplat.LastLogin = try {
                                            [datetime](-join $CurrentUser.Properties.LastLogin)
                                        } catch {
                                            -join $CurrentUser.Properties.LastLogin
                                        }
                    } elseif ($CurrentUser.Properties.Name) {
                    } else {
                        $ObjectSplat.Error = 'User not found'
                    }
                    New-Object -TypeName PSCustomObject -Property $ObjectSplat | Select-Object @SelectSplat
                }
            } else {
                $ObjectSplat = @{
                    ComputerName = $Computer
                    Error = 'Ping failed'
                }
                New-Object -TypeName PSCustomObject -Property $ObjectSplat | Select-Object @SelectSplat
            }
        }
    }
} 

About the author: Jaap Brasser

Jaap is a Senior System Engineer in the Financial Services industry. He focuses on Microsoft and related technologies and has a passion for PowerShell. In his spare time he maintains his Blog, Twitter feed, @Jaap_Brasser, and contributes on the Official Scripting Guys Forum and Windows PowerShell TechNet forums

Related Posts