Results 1 to 3 of 3

Thread: Any Powershell Experts? (Display "LastLogon" for last 30 days)

  1. #1
    Squeeler Vini's Avatar
    Join Date
    Jul 2003
    Location
    Sheffield
    Posts
    1,769
    Thanks
    44
    Thanked
    8 times in 8 posts

    Any Powershell Experts? (Display "LastLogon" for last 30 days)

    Any PowerShell experts kicking about?

    I need/want to retrieve an 'access log' against a specific mailbox for the last 30 days.

    Can I?
    How would I?

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Posts
    914
    Thanks
    4
    Thanked
    155 times in 143 posts
    • smargh's system
      • Motherboard:
      • Gigabyte GA-EP45-UD3P
      • CPU:
      • Xeon E5450 with 775-to-771 Mod
      • Memory:
      • 16GB Crucial
      • Storage:
      • Intel X25-M G2 80GB/Adaptec 3405 4x 2TB Ultrastar RAID1 / 1x 6TB Hitachi He6 / Dying 2TB Samsung
      • Graphics card(s):
      • GTX 750 Ti
      • PSU:
      • Seasonic X-560
      • Case:
      • Lian-Li PC-A71
      • Operating System:
      • Windows 7 Ultimate 64bit
      • Monitor(s):
      • BenQ G2400WD
      • Internet:
      • Really Crap ADSL2 <3Mbit

    Re: Any Powershell Experts? (Display "LastLogon" for last 30 days)

    Actual mailbox access? For Exchange 2003 that's recorded as event ID 1009 in the Application event log.

    Our mail server has a max size Application event log of 100MB and it only contains a max of two days worth of events....

    For actual AD account logons, the LastLogonTimestamp is the least unreliable, but it can still take up to 30 days depending on the DC, replication times, and what type of logon it was. That's also just one timestamp attribute for a user - it's not an access log. Domain controller event logs might be your best bet, but they're nothing to do with mailboxes & the logs only last so long, just a few hours on weekdays on our servers.

    For OWA logons, the IIS event logs are excellent and do include usernames, and probably don't include (many?) false positives. OWA is also used for the SSL proxy feature of Outlook, which might be useful depending on your particular environment.
    Last edited by smargh; 25-10-2011 at 08:48 PM.

  3. #3
    Registered+
    Join Date
    Aug 2011
    Posts
    23
    Thanks
    3
    Thanked
    1 time in 1 post

    Re: Any Powershell Experts? (Display "LastLogon" for last 30 days)

    LastLogon is a single field entry and does exactly what it says, get's the last logon attempt, successful or not. Without auditing turned on you're a little stuck.

    However, you can use;

    Get-LogonStatistics -Identity <LogonableObjectIdParameter> [-DomainController <Fqdn>]

    from within EMS to pull some figures which will help you build up a picture. It has to be run on every domain controller in the organisation though to capture all events.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Display a little fuzzy the last few days
    By Merlin4458 in forum Help! Quick Relief From Tech Headaches
    Replies: 2
    Last Post: 23-05-2008, 01:53 PM
  2. ATI Catalyst 5.8 released
    By =TcQi= in forum Graphics Cards
    Replies: 17
    Last Post: 18-08-2005, 12:35 AM
  3. CAT 4.6's
    By Steve in forum Graphics Cards
    Replies: 18
    Last Post: 13-06-2004, 11:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •