Script needed to query last logon for users within an AD security group

Similar Messages

• Script to pull out last logon date

  Hello,
  I have a list of user that I would like to pull out last logon date from AD.
  This is the script I am using at the moment but it produces blanks and I don't know what the blanks mean.
  Import-Module ActiveDirectory
  #This script requires PowerShell AD Module
  Import-csv "c:\scripts\samaccountname.csv" |
  foreach-object {get-aduser $_.samaccountname -Properties lastlogondate} |
  select name,Lastlogondate |
  Export-csv c:\scripts\LastLogon.csv -NoTypeInformation
  Please can you help?
  Kind Regards, PenDraKon

  If you want an accurate lastLogon date, you have to check across domain controllers.
  Here's an advanced function I created a while ago for this.
  Function Get-LastLogon {
  <#
  .SYNOPSIS
  Returns LastLogon information
  .DESCRIPTION
  Queries the LastLogin information for a user across domain controllers and returns the highest (latest) value
  .EXAMPLE
  Get-LastLogon User
  .EXAMPLE
  Get-LastLogon -Identity User
  .EXAMPLE
  Get-ADUser User | Get-LastLogon
  .EXAMPLE
  Get-LastLogon User1, User2
  .PARAMETER users
  List of users - pipeline can be used
  #>
  [CmdletBinding()]
  param
  [Parameter(Position= 0,
  Mandatory=$True,
  ValueFromPipeline=$True,
  HelpMessage='What user would you like to find the last logon for?')]
  $identity
  Begin {}
  Process {
  Foreach ($account in $identity) {
  $dateStamp = $null
  $domainController =$null
  Get-ADDomainController -Filter * | Foreach {
  $dc = $_.HostName
  $lastLogon = (Get-ADUser $account -Properties LastLogon -server $dc | Select-Object Name,@{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}}).Lastlogon
  If ($dateStamp -le $lastlogon)
  $dateStamp = $lastlogon
  $domainController = $dc
  } # End of ForEach
  $properties = @{
  Name=$account;
  LastLogon=$dateStamp;
  DomainController=$domainController}
  New-Object -TypeName PSObject -Prop $properties
  } # End of ForEach
  } # End of Process
  End {}
  } # End of Function
  You can then run...
  Import-CSV ".\samaccountname.csv" | % {Get-LastLogon $_.samaccountname}
  or...
  Import-CSV ".\samaccountname.csv" | % {Get-LastLogon $_.samaccountname} | Export-CSV ".\report.csv" -noType

• Need Help to query Lync Database for User Information

  Need Help to Query the lync database to retrieve below user information.
  1. SIP Address of the registered user
          2. Phone Number configured to the particular account.
          3. IP Address
         4. Last Logged in time.
  I am trying to pull the above information from rtc database for all the registered users. Please let me know if this is possible and it would be great if you can throw some light on what tables to look for the data. Thank You.

  Hi,
  For SIP address and Phone number you can check RTC database.
  IP Address:
  You can refer to the link below to query IP address: 
  http://h30499.www3.hp.com/t5/Business-Service-Management-BAC/Monitoring-Lync-with-the-User-Registrations-Viewer-Free-NMC-tool/ba-p/5961497#.UtOU43mIrwo
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
  Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Last Logged in time:
  You can refer to the link below:
  http://blogs.technet.com/b/dodeitte/archive/2011/05/11/how-to-get-the-last-time-a-user-registered-with-a-front-end.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Querying CMS tables for users' security, history & favorites

  Hello,
  We are running BOBJ over a BW environment, and we've been asked to help design a Webdynpro interface that reads a user's security credentials in both BW and BOBJ servers and pulls in all reports, Bex or BOBJ, that they have access to.
  To do this, we would need to query the CMS tables for:
  All reports a user is authorized to view
  Groups a user is associated with
  User's History
  User's Favorites
  Does anyone have suggestions?  I've researched Query Builder, but I'm not sure if it can help us, as it accesses three virtual tables instead of the physical tables in the CMS.  The option I am guessing we will need to use is SDK. 
  I'm fairly new to both BW and BOBJ, so any advice is appreciated.
  Thanks
  Scott

  Hello Scott,
  Did you check the possibility of using Audit universe and reports? Please check below link for some useful sample files.
  http://scn.sap.com/docs/DOC-53904
  Regards,
  Nikhil Joy

• MDX Query much slower for users without administrativ rights

  We have a SQL 2012 SP1 with CU9 installed and run a MDX query against a Cube. The Problem is that the query runs very slow for a user without administrativ persmission on the cube. With admin rights it takes 3 seconds and without 30 seconds. I can't find
  any error in the query so maybe someone can pin point me in the right direction.The Role has all reading information it needs.
  This is the Query:
  SELECT NON EMPTY { [Measures].[Blocked Consignment], [Measures].[Consignment in Inspection],
  [Measures].[Restricted Consignment], [Measures].[Unrestricted Consignment] } ON COLUMNS, NON EMPTY
  { ([Date].[Date].[Date].ALLMEMBERS * [Materials].[Part Number].[Part Number].ALLMEMBERS *
  [Materials].[Key].[Key].ALLMEMBERS * [Sold To].[Name].[Name].ALLMEMBERS *
  [Stock Information].[Plant - Storage Location].[Storage Location].ALLMEMBERS * [Non Zero].[Zero Stock Status].[Zero Stock Status].ALLMEMBERS ) }
  ON ROWS
  FROM ( SELECT ( STRTOSET("[Non Zero].[Zero Stock Status].&[No]", CONSTRAINED) )
  ON COLUMNS FROM ( SELECT ( STRTOSET("[Stock Information].[Storage Location].&[1090]", CONSTRAINED) )
  ON COLUMNS FROM ( SELECT ( STRTOSET("[Stock Information].[Plant].&[1090]", CONSTRAINED) )
  ON COLUMNS FROM ( SELECT ( STRTOSET("[Sold To].[Name].[All]", CONSTRAINED) )
  ON COLUMNS FROM [Stock Snapshot]))))
  WHERE ( IIF( STRTOSET("[Stock Information].[Plant].&[1090]", CONSTRAINED).Count = 1, STRTOSET("[Stock Information].[Plant].&[1090]", CONSTRAINED), [Stock Information].[Plant].currentmember ),
  IIF( STRTOSET("[Stock Information].[Storage Location].&[1090]", CONSTRAINED).Count = 1, STRTOSET("[Stock Information].[Storage Location].&[1090]", CONSTRAINED), [Stock Information].[Storage Location].currentmember ) )
  Any one came across this is or is it a bug?

  Can you check which build of SSAS you've got installed? It looks similar to this bug:
  http://support.microsoft.com/kb/2905298/en-us
  Apart from that, if you have used cell security in your role, it would be expected that query performance would be slower for users of that role.
  Chris
  Check out my MS BI blog I also do
  SSAS, PowerPivot, MDX and DAX consultancy
  and run public SQL Server and BI training courses in the UK

• Need help with Java app for user input 5 numbers, remove dups, etc.

  I'm new to Java (only a few weeks under my belt) and struggling with an application. The project is to write an app that inputs 5 numbers between 10 and 100, not allowing duplicates, and displaying each correct number entered, using the smallest possible array to solve the problem. Output example:
  Please enter a number: 45
  Number stored.
  45
  Please enter a number: 54
  Number stored.
  45 54
  Please enter a number: 33
  Number stored.
  45 54 33
  etc.
  I've been working on this project for days, re-read the book chapter multiple times (unfortunately, the book doesn't have this type of problem as an example to steer you in the relatively general direction) and am proud that I've gotten this far. My problems are 1) I can only get one item number to input rather than a running list of the 5 values, 2) I can't figure out how to check for duplicate numbers. Any help is appreciated.
  My code is as follows:
  import java.util.Scanner; // program uses class Scanner
  public class Array
       public static void main( String args[] )
        // create Scanner to obtain input from command window
            Scanner input = new Scanner( System.in);
        // declare variables
           int array[] = new int[ 5 ]; // declare array named array
           int inputNumbers = 0; // numbers entered
        while( inputNumbers < array.length )
            // prompt for user to input a number
              System.out.print( "Please enter a number: " );
                    int numberInput = input.nextInt();
            // validate the input
               if (numberInput >=10 && numberInput <=100)
                     System.out.println("Number stored.");
                   else
                     System.out.println("Invalid number.  Please enter a number within range.");
            // checks to see if this number already exists
                  boolean number = false;
            // display array values
            for ( int counter = 0; counter < array.length; counter++ )
               array[ counter ] = numberInput;
            // display array values
               System.out.printf( "%d\n", array[ inputNumbers ] );
                 // increment number of entered numbers
              inputNumbers++;
  } // end close Array

  Yikes, there is a much better way to go about this that is probably within what you have already learned, but since you are a student and this is how you started, let's just concentrate on fixing what you got.
  First, as already noted by another poster, your formatting is really bad. Formatting is really important because it makes the code much more readable for you and anyone who comes along to help you or use your code. And I second that posters comment that brackets should always be used, especially for beginner programmers. Unfortunately beginner programmers often get stuck thinking that less lines of code equals better program, this is not true; even though better programmers often use far less lines of code.
                           // validate the input
     if (numberInput >=10 && numberInput <=100)
            System.out.println("Number stored.");
    else
                 System.out.println("Invalid number.  Please enter a number within range."); Note the above as you have it.
                       // validate the input
                       if (numberInput >=10 && numberInput <=100)
                            System.out.println("Number stored.");
                       else
                            System.out.println("Invalid number.  Please enter a number within range."); Note how much more readable just correct indentation makes.
                       // validate the input
                       if (numberInput >=10 && numberInput <=100) {
                            System.out.println("Number stored.");
                       else {
                            System.out.println("Invalid number.  Please enter a number within range.");
                       } Note how it should be coded for a beginner coder.
  Now that it is readable, exam your code and think about what you are doing here. Do you really want to print "Number Stored" before you checked to ensure it is not a dupe? That could lead to some really confused and frustrated users, and since the main user of your program will be your teacher, that could be unhealthy for your GPA.
  Since I am not here to do your homework for you, I will just give you some advice, you only need one if statement to do this correctly, you must drop the else and fix the if. I tell you this, because as a former educator i know the first thing running through beginners minds in this situation is to just make the if statement empty, but this is a big no no and even if you do trick it into working your teacher will not be fooled nor impressed and again your GPA will suffer.
  As for the rest, you do need a for loop inside your while loop, but not where or how you have it. Inside the while loop the for loop should be used for checking for dupes, not for overwriting every entry in the array as you currently have it set up to do. And certainly not for printing every element of the array each time a new element is added as your comments lead me to suspect you were trying to do, that would get real annoying really fast again resulting in abuse of your GPA. Printing the array should be in its own for loop after the while loop, or even better in its own method.
  As for how to check for dupes, well, you obviously at least somewhat understand loops and if statements, thus you have all the tools needed, so where is the problem?
  JSG

• Regd Last Logon of User Logged onto portal

  Hi Experts,
  I am new to Enterprise Portal developments. I have a requirement like to display the last logon date and time of a person logged onto the portal.
  The Last Logon date and time ought to be displayed in the portal masthead. I already tried a few methods in doing it but it was not successful.
  In my coding I used getUserFactory() method to get the user data, but the compiler is throwing a compiling exception. I have included the com.sap.security.api.jar file. (Development is done in NWDS)
  Still its showing error. Is there anything I am missing in the above method. Is there any easier method than the above ??
  Thanks in Advance. Your help will be highly appreciated!!
  Regards
  Anand Sekar

  Hi Anand,
  You can use the below code to get the information you are seeking. To test it create n abstract portal component and copy and paste below code:
  public void doContent(IPortalComponentRequest request, IPortalComponentResponse response)
            DataSource dataSource= null;
            ResultSet resultSet= null;
            String sqlStatement =null;
            ResultSetMetaData rsmd =null;
            String nativesqlStatement=null;
            try
            sqlStatement = "select MAX(TIMESTAMPHOUR),LOGONID from WCR_USERSTAT GROUP BY LOGONID";
                 InitialContext initialContext= new InitialContext();
                 dataSource= (DataSource) initialContext.lookup("jdbc/SAP/EP_PCD");
                 java.sql.Connection connection= dataSource.getConnection();
                 java.sql.Statement statement= connection.createStatement();
                 Statement stmt=NativeSQLAccess.createNativeStatement(connection);
                 resultSet= statement.executeQuery(sqlStatement);               
                 rsmd=resultSet.getMetaData();
                 if(resultSet!=null)
                      int m = 0;
                      response.write("<html>");
                      response.write("<body>");
                      response.write("<br>");
                      response.write("<TABLE width='100%' border='2' cellspacing='2'>");
                      response.write("<tr>");
                      response.write("<td>"+"LAST SUCCESSFULL LOGON" +"</td>" );
                      response.write("<td>"+"LOGONID"+"</td>" );
                      response.write("</tr>");
                      while (resultSet.next()) {
                           m++;
                           Timestamp ts = new Timestamp(resultSet.getLong(1));
                           response.write("<tr>");                         
                           response.write("<td>"+ts.toGMTString()+"</td>" );
                           response.write("<td>"+resultSet.getString(2)+ "</td>");
                           response.write("</tr>");
                      response.write("</table>");
                      response.write("<br>");
                      response.write("Record count is " + m);
                 catch (Exception e)
                       response.write("<br>Exception : " + e);
                       response.write("</body>");
                       response.write("</html>");

• Create logon for users to see the application only?

  Hello,
  I just built my application and I want to create a logon for only the user to see the application. I created a new user under Admin with no developer and administrator priveleges. I logout and when I logon as the new user, there is nothing on that page. How do I link the application that I built from developer logon to the new user's logon page. Basically, I want to logon as the new user and just see the application that was built. Any help would be appreciated.

  Dung,
  To run the application, do not use the URL that takes you to the Application Builder. Start a new browser session and use a URL like http://host:port/pls/DAD/f?p=5000:1, where 5000 is your application's ID (example only) and page 1 is the page to display after login. Your application will probably have the default HTML DB authentication scheme so that you'll see a login page first, then go to page 1 after authentication.
  Scott

• I need a SQL to find all users within OID

  Hi,
  I'm trying to find all usernames and last logon in OID and was thinking of two ways to do this.
  1. query OID with ldapsearch
  2. query LDAP schema in Oracle database.
  Any ideas on how to do this and what is the best way. If a sql in the database could solve this it would really be the best way for me.
  Regards
  Morten

  I did a:
  SELECT DISTINCT user_name
  FROM orasso.wwsso_audit_log_table_t
  WHERE action_code = 1001
  But this only gives me the users that have loged on to SSO.. I need all users even those who haven't loged on.
  All help will be really good.
  Regards

• Last login of user within responsibility

  Hi,
  Does the last login date of a user within a responsibility exist anywhere?
  I am supposed to add this date to an existing report and I can't seem to find it nor can I find this information in the forum.
  Thanks.
  Leah

  Is it possible to create a report of users within a responsibility and use the QP_STATS table to identify the time of the last Discoverer Worksheet they ran? This assumes the QP_STATS option to collect statistics is turned on for all users/responsibilities. I understand this may not be 100% accurate but it may help provide some information on when a login user of a responsibility last ran a query.

• No system available for user mapping in create new group.

  Hi Experts,
  I faced this problem when i create a new group
  "There are no systems available for user mapping for the selected principal."
  i checked that my server is running well with other groups.
  i would just like to ask what determines the "selected principal"? is it because i select the wrong roles or the roles does not need the system?
  i'm confused as some previous groups i created works well until this new group, i've tried to create a new 1 but the problem still exsist.
  Thanks.

  hi,
  Define permission to the system that you have created.
  right click on hte system that you have ccreated  - > in properties dropdown go to permissions -> search the group/ user for which you want to map this system - > and give permission as enduser.
  this will make your system accessible while user mapping.
  regards,
  Sujay

• Reseeding cache for users with role based security

  I have role based security and trying to set up cache by purging all cache and later seeding cache by query. The query would be different for different users. What is the best way to purge all cache and reseed cache for administrator as well as all users. The EPT would purge cache based on updated tables. But how do I next go about reseeding cache for better performance to all the users. Thanks.

  I have created an ibot with the following:
  General - Normal Priority, Personalized (recipient's data visibility)
  Conditional Request - example_report
  Schedule - some schedule
  Recipients - Me(administrator) and User1
  Destinations - Oracle BI Server cache
  when the ibot runs 2 cache entries are created (for the 2 recipients).
  I have the report (example_report) on the dashboard (1 dashboard, 1 page, 1 report).
  After the ibot runs:
  When the administrator logs in first, there is a cache hit on the report. Followed by when the User1 logs in there is NO cache hit.
  On the other hand when the User1 logs in first, there is a cache hit on the report. Followed by when the administrator logs in there is no cache hit. The query log creates a Query issued to the database instead of cache hit on query.
  The User1 has a data level security.
  Please let me know where was I making an error in setting the ibot and how to get the cache seeding work for the different users with different role based security.
  Thanks for your inputs.

• Mail server automatically cc all email for user to other acct but group...

  Back on April 2007, David_X answered this question:
  How to have the mail server automatically cc all e-mail for user to other accounts, (gmail, hotmail, etc). Here is the old post that explains that:
  http://discussions.apple.com/thread.jspa?messageID=4357149&#4357149
  What I did not catch at the time was if you setup a Group, one of three ways, the cc step no longer works. There is a fourth way but it is not practical. Creating local groups on individual Macs.
  *Group method 1 per David_X:*
  Use edited group files on the server.
  The following sends to members of groups but does not show all recipients in the received message...
  In /etc/postfix/aliases, add...
  groupname: :include:/path/to/groupname.txt
  In a file called groupname.txt (using plaintext editor)...
  [email protected]
  [email protected]
  Reload aliases...
  sudo newaliases
  sudo postalias aliases
  sudo postfix reload
  Mail sent to [email protected] gets passed to amavisd once, before then being relayed out for each individual recipient.
  *Group method 2 per David_X:*
  Make a user, e.g., "accounts"
  In mail settings, select 'Forward' option and enter the group members' email addresses, comma separated e.g.,
  [email protected],[email protected]
  This gets a bit 'long' for lots of members.
  The email then gets sent to each of the people in this list.
  *Group method 3 that I just discovered:*
  Create a group in Workgroup Manager.
  Drag the users you want in it.
  Save.
  Test sending to that group.
  Best part, the group name shows up in Address Book if you have LDAP setup.
  So I have setup all three. If I send an email to any type of group, they work.
  The problem:
  If one of those members in the group also has a BCC setup to Gmail or any other outside email, they never get the e-mail copied out to the external account.
  Example:
  I send an email to [email protected]. He gets the email there and also a copy at his Gmail account.
  If I send an email to the Sales group that jsmith belongs to, he gets the email there but nothing at the Gmail account.
  It looks like the mail server processes the "aliases" file and skips the "Recipient_bcc" file that handles the forwards.
  Is there a way to have my cake and eat it too? David_X your thoughts also?
  Thanks everyone!

  Bump.
  Short version. Sales guy has a Gmail account he wants his e-mail copied to also.
  Send e-mail directly to his Xserve account, he gets it there and it gets sent on to his Gmail account.
  Send an e-mail to the sales Group that he is a member of, he gets it there but it never gets sent out to the Gmail account.
  Ideas?

• Populate the EmployeeID attribute of a user, based on their security group membership in Active Directory

  Hey guys, I need to create a script that assigns a value to the EmployeeID of every user that is a member of a particular AD security group.
  For example, there are the following groups - Accounting_01, Accounting_02, Accounting_03. The script has to read what members there are in these groups and assign to the people of Accounting_01 an EmployeeID of 01, to the people of Accounting_02 an EmployeeID
  of 02, and to the people of Accounting_03 an EmployeeID of 03.
  I have a script that adds a user to a security group, based on the value of a certain attribute, but not the other way around. Have you written such a script? Thanks in advance

  I haven't tried the code, because I don't have AD cmdlets.
  But I see some discrepancies between the documentation and your code.
  Looking at http://technet.microsoft.com/en-us/library/hh852287.aspx (Set-ADUser cmdlet) we can read for the
  -Replace<Hashtable> parameter: ... Use this parameter
  to replace one or more values of a property that cannot be modified using a cmdlet parameter ...
  But the OP referred to EmployeeID, which is a Set-ADUser cmdlet parameter (look for -EmployeeID),
  thus, cannot be used with -Replace<Hashtable> parameter (as per the documentation).
  Also, the documentation states for this same
  -Replace<Hashtable> parameter: ... To modify
  an object property, you must use the LDAP display name ...
  And the LDAP display name for EmployeeID is employeeID, and not employeeid as in your code (although I'm
  not sure if LDAP display name
  is case sensitive).
  As you say your code works correctly, I
  suspect that you created a new property named employeeid, which is not the same referenced by the parameter
  -EmployeeID.
  The documentation merely says that it can be used to modify attributes that do not have their own parameter. If they were to include a parameter for every AD attribute the list would be huge. It doesn't imply that -replace cannot be used instead of the defined
  parameters.
  I must admit that I didn't realise that -EmployeeID could be used as I didn't consult the documentation before I wrote the code but I can confirm that using the method I posted the employeeID attribute was modified. It didn't create a second attribute with
  different letter casing.

• Remove users from Sharepoint site security group

  I have to close a share point 2007 site for all users for an update. I don't have access to CA. the easiest approach is to remove the users from security group and add them back when the site modification is done. All users all under "NT/Aunthenticated
  users" and they are in Members group. I'm just wondering will it cause any issues when adding them back or it can be done in 1 click. Do i need any tweaks from CA side to add them back?
  Any response is appreciated.
   Thanks!

  Once you add the users back to the site, it should work as expected.
  >>Do i need any tweaks from CA side to add them back?
  No i believe, because you are changing the permissions at site level.
  My Blog- http://www.sharepoint-journey.com|
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful