0

I'm currently attempting to find out which members of a particular group have not logged into AD within the last 30 days. I've managed to return all users of the group but I'm having problems when piping this to a Foreach-object loop.

import-module activedirectory

$DaysInactive = 30
$time = (Get-Date).Adddays(-($DaysInactive))

get-adgroupmember -identity "Remote Users" | foreach-object {
    if ($_.LastLogonDate -lt $time) {
        write-host $_.SamAccountName
    }
}

I think the problem is that I'm using an AD user attribute when calling LastLogonDate and as a result I receive an error saying that it is not recognised. I'm imagining that within the loop I need a get-aduser cmdlet but I'm unsure what to send as the value for -filter.

When PowerShell retrieves all members from the get-adgroupmember does it place the result set in an array? If so how can I retrieve the value of last logon date?

4
  • 3
    Should be: if ($_.LastLogonDate -lt $time) Commented Nov 25, 2014 at 16:13
  • 1
    Also, the .LastLogonDate property is not retrieved by default. You will need to take each of the items returned from Get-ADGroupMember and use Get-ADUser to explicitly get the .LastLogonDate property. Commented Nov 25, 2014 at 16:16
  • @EBGreen you're correct. Since applying arco444's suggestion it now returns all members without seeming to evaluate the conditional statement. What do I specify with Get-ADUser as I need to specify a filter? Commented Nov 25, 2014 at 16:46
  • Edit your question with your current code please. Commented Nov 25, 2014 at 16:48

2 Answers

1

Something like this?

Get-ADGroupMember -recursive -identity "Remote Desktop" |
    Where { $_.objectClass -eq "user" } |
    Get-ADUser -properties SamAccountName, LastLogonDate |
    Where { $_.LastLogonDate -lt $time } |
    select SamAccountName

  • filter out groups
  • I guess you want all nested members?
  • load the LastLogonDate

1 Comment

Since you already have a pipeline I'd use ... | ? { $_.LastLogonDate -lt $time } | select -Expand SamAccountName instead of the ForEach-Object loop with the nested if statement.
0

Alright, I don't have the time to fully test this so it is off the cuff, but this should get you going in the right direction:

import-module activedirectory

$DaysInactive = 30
$time = (Get-Date).Adddays(-($DaysInactive))

$users = get-adgroupmember -identity "Remote Users"
foreach($user in $users){
    $lastLogin = (Get-ADUser $user -Property LastLogonDate).LastLogonDate
    if($lastLogin -lt $time){
        Write-Host $user.SamAccountName
    }
}

1 Comment

Converting a complicated pipe command into a more structured foreach loop like this is the way to go on this one. This way it is very clear what objects you are working with.
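
An added example, not taken from any of the posts above, that extends the answers' approach into a small stale-account report. It separates accounts that have never logged on, because `$null -lt $time` evaluates to `$true` in PowerShell and such accounts would otherwise be listed as inactive without explanation. It assumes the group name "Remote Users" from the question; the status labels and output column names are illustrative choices.

```powershell
Import-Module ActiveDirectory

$GroupName    = 'Remote Users'              # group name taken from the question
$DaysInactive = 30
$Cutoff       = (Get-Date).AddDays(-$DaysInactive)

# -Recursive expands nested groups; the objectClass filter drops computer
# accounts so that only user objects are piped into Get-ADUser.
$report = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties LastLogonDate, whenCreated |
    ForEach-Object {
        # LastLogonDate is $null for accounts that have never logged on,
        # so test for that case before comparing against the cutoff.
        $status = if (-not $_.Enabled) {
            'Disabled'
        } elseif ($null -eq $_.LastLogonDate) {
            'NeverLoggedOn'
        } elseif ($_.LastLogonDate -lt $Cutoff) {
            'Stale'
        } else {
            'Active'
        }

        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Status         = $status          # illustrative labels
            LastLogonDate  = $_.LastLogonDate
            WhenCreated    = $_.whenCreated   # helps judge new, unused accounts
        }
    }

# Everything except recently active accounts, grouped by status.
$report |
    Where-Object { $_.Status -ne 'Active' } |
    Sort-Object Status, LastLogonDate |
    Format-Table -AutoSize
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default can lag the real logon by up to about 14 days, so a 30-day cutoff is coarse enough to be reliable while much shorter thresholds are not.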
