Loading...
 

Greg`s Tech blog

Powershell and the lastLogonTimestamp

Tuesday 29 of June, 2010
I wrote a query that will find all AD accounts created more than 30 days ago that have Never
logged in or haven't logged in in over 60 days. I used Powershell v2 and the Quest AD module.
Here's the query I started with (reformatted for the reader, but this is a one-liner)

Get-QADuser -searchroot "corp.net/user accounts/users/OurOU" | where 
 { 
   ($_.whencreated -lt ((get-date).adddays(-30)) ) 
   -and 
         ( 
            ( $_.lastLogonTimestamp -like "Never") 
               -or 
            ($_.lastLogonTimestamp -lt ((get-date).adddays(-60)) 
         ) 
 }

When it runs, accounts that have never logged in are listed correctly, account that have been
logged in, generate an error:
"Bad argument to operator "-lt" : Cannot compare "Monday, June 16 2010" because it is not iComparible"
(The error is pointing to the last line of code above)

Since Monday, June 16 2010 looks like a date, I expected it to fail in the comparison to Never, but it fails in comparison to another date.

It turns out the Quest AD snap-in (which is a great tool, BTW), interprets the value of lastLogonTimestamp
to make it display nicely (really, who can understand 175234539836?). What I need is to process
my compare on the raw data. That is accessed by appending .value to the attribute. So the working code look like this:

Get-QADuser -searchroot "corp.net/user accounts/users/OurOU" | where 
 { 
   ($_.whencreated -lt ((get-date).adddays(-30)) ) 
   -and 
         ( 
            ( $_.lastLogonTimestamp.value -like "Never") 
               -or 
            ($_.lastLogonTimestamp.value -lt ((get-date).adddays(-60)) 
         ) 
 }

Now PowerShell can access the real value and transpose between variable types to get me the right answer.

\\Greg