Skip main navigation (Press Enter).

PowerCLI

View Only

Back to discussions

Expand all | Collapse all

Compare AD LastLogon & VM LastLogon

stuartgmiltonJul 04, 2014 10:29 AM

Hey Guys, I have a sneaky suspicion that my AD LastLogonTimeStamp may not be correct. Is there ...

LucDJul 04, 2014 08:08 PM

Provided you audit logon/logoff events in the Windows guest, you could run the following script through ...

1. Compare AD LastLogon & VM LastLogon

Recommend
stuartgmilton
Posted Jul 04, 2014 10:29 AM

Reply Reply Privately
Hey Guys,
I have a sneaky suspicion that my AD LastLogonTimeStamp may not be correct.
Is there a way to extract the last logon time from the guest os using powercli?
Many Thanks,
Stuart
2. RE: Compare AD LastLogon & VM LastLogon

Recommend
LucD
Posted Jul 04, 2014 08:08 PM

Reply Reply Privately
Provided you audit logon/logoff events in the Windows guest, you could run the following script through Invoke-VMScript
$test = [RegEx]"(?smi)Logon Type:\s*(?<type>\d*).*?New Logon:.*?Account Name:\s*(?<user>\w*)"
$events = Get-EventLog -LogName Security -InstanceId 4624
$events | %{
$result = $test.Match($_.Message)
$_ | Select TimeGenerated,
@{N="LogonType";E={$result.Groups["type"].Value}},
@{N="User";E={$result.Groups["user"].Value}} |
Where {$_.LogonType -eq 2}
}
You have to update the Get-EventLog line with a date or the number of events to limit the number of data that is returned

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon