How do I list users that haven’t logged on in the past 30 days?

Using Active Directory last logon to get list of expired users

1. Open Active Directory Exporter and load an AD snapshot

2. Select the Default Report and click on Load Report to load the report.

3. Click Continue to display the report

4. Click on the Filters toolbar button

Active Directory Exporter5. Under the Custom Filters section, click the Property field and select ‘lastLogonTimeStamp

6. Click the Expression field and select Prior to x minutes ago

Active Directory Export of users logged on in past 30 days

7. In the Value field type 63360 (see below to see how this value was calculated)

9. Click Apply and Run to the view the results

10. You can now Export the results to HTML or CSV through the Export button

How the minutes were calculated:

There are 60 x 24 minutes in a day = 1440
Multiply by 30 days = 43200
Add another 14 days due to the frequency at which the lastLogonTimeStamp is updated = 63360

Since a user could have potentially logged in within the 14 day period after the last time stamp, we need need to add 14 days to make sure we dont include them. The lastLogonTimeStamp attribute is only accurate to within 14 days by design (to prevent heavy replication traffic) so you may want to experiment with this value.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.