We all have systems to audit, track and report on to ensure only approved user accounts are logging into company resources. One of my favorite, and quick, ways to check the number of user accounts and user account activity is to check the “LastLogon” attribute in Active Directory via PowerShell. This also helps you identify any old accounts that have yet to be cleaned up. Well…..and a reminder of that service account with the interesting name.
There are many examples of PowerShell scripts to get this attribute. However, not all examples I have come across work correctly and some only cover the “Get-ADuser $UserName -Properties Lastlogon” for a single user, not an entire organization.
What if you have multiple DCs? The script below looks at all domain controllers and organizes the data into a three column report giving you valuable insight to your user account activity. Modified by: Luke Truan
Security Awareness Training: Could you Spot the Spoof?
With the PowerShell script above, did you find some unexpected results or user accounts that you had forgot about? A new security breach happens more times in a day than most realize. Now is the time to be more engaged with all of the user accounts in your organization. How likely is it that any one of these accounts will be a part of a system or network breach?
If you have trouble answering that question, you are not alone. It’s not a question of IF, but WHEN will someone interact with an email, webpage, or plug in a USB drive that puts your systems and network at risk. With security awareness training you can keep everyone educated on how to spot the red flags, spoofed email address, spoof domains, landing pages and more. You can quickly gain insight on which groups and user accounts are most susceptible to a social engineering attack. Data is organized into easy to read visual dashboards and reports.