Here a a few PowerShell script that I use to look al logs and user accounts.
To finding the latest logon time
•Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName username).LastLogon } | Measure-Latest
•The following example demonstrates how to find inactive user accounts:
•Search-ADAccount -AccountInactive | where {$_.ObjectClass -eq ‘user’} | FT Name,ObjectClass –A
•The following example demonstrates how to find user accounts that have been inactive for 90 days:
•Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq ‘user’} | FT Name,ObjectClass –A
Retrieving Local Security Log Information
On a local computer, the PowerShell Get-EventLog cmdlet
•get-eventlog-list
•get-eventlog -list |<br>where {$_.logdisplayname -eq `<br>”security”}
Find all users who have “Password Never Expires
Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass –A
To Determine Who Has Never Logged On
get-aduser -f {-not ( lastlogontimestamp -like “*”) -and (enabled -eq $true)}
Find the Location of a Locked-Out User (jferron)
$DomainControllers = Get-ADDomainController -Filter *
Foreach($DC in $DomainControllers)
{
Get-ADUser -Identity jferron -Server $DC.Hostname `
-Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut
}